How to Set Up SSH public-key or password-less authentication in Ubuntu
Here’s how to set up public-key (or passwordless) authentication in Ubuntu or any other Linux-based operating system that uses OpenSSH.
First make sure you have a remote SSH server running and accepting connections. Then generate an SSH key on the local machine (I prefer RSA). You can enter a passphrase for added security, or leave it blank for passwordless authentication.
local:~$ ssh-keygen -t rsa
Enter passphrase (empty for no passphrase):
The command generates the id_rsa and id_rsa.pub files, which are saved in the ~/.ssh/ directory. id_rsa is the private key and stays on the local machine; copy only the id_rsa.pub file to the remote server using SCP. Read How to use SCP on Linux or other UNIX-based Environment for more information about SCP.
local:~$ scp ~/.ssh/id_rsa.pub [email protected]:~/
Then connect to the remote host and append the id_rsa.pub public key file to the list in “authorized_keys”. Don’t forget to chmod the authorized_keys file and the .ssh directory, or OpenSSH won’t work correctly.
local:~$ ssh [email protected]
#now we are on remote server!
remote:~$ mkdir -p ~/.ssh   # create the directory if it does not exist yet
remote:~$ cat id_rsa.pub >> ~/.ssh/authorized_keys
remote:~$ chmod 644 ~/.ssh/authorized_keys
remote:~$ chmod 700 ~/.ssh
Make sure you have edited the “/etc/ssh/sshd_config” file to allow public-key authentication and RSA authentication.
#sshd_config file
PermitRootLogin no
...snip...
RSAAuthentication yes
PubkeyAuthentication yes
...snip..
Save the file and restart the sshd daemon by running the following command.
remote:~$ sudo /etc/init.d/ssh restart
After that, log out from the remote host to test the public-key authentication.
remote:~$ exit
local:~$
Testing the SSH public-key authentication
To test the public-key authentication, simply connect to the remote server normally using ssh. If things have gone smoothly, you’ll be prompted to enter your passphrase instead of your password.
local:~$ ssh [email protected]
Enter passphrase for key '/home/username/.ssh/id_rsa':
Note that you will not be prompted to enter a passphrase or password if you’ve generated a key with a blank passphrase, effectively making your login “passwordless”. For added security, it is advised that you disable the normal interactive password login option and rely fully on public-key authentication by changing the sshd_config line from:
PasswordAuthentication yes
to
PasswordAuthentication no
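The file permissions and sshd_config settings from the steps above can be checked after the fact. The shell functions below are an added example, not part of the original tutorial: the names sshd_opt, loose, audit_ssh and demo and the finding labels are made up here, and the simple parser ignores Match blocks and Include files (sshd -T prints the configuration sshd actually uses).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# Value of an sshd_config keyword. sshd keeps the first occurrence and ignores
# keyword case. Assumes "Keyword value" lines; Match/Include are not handled.
sshd_opt() {  # usage: sshd_opt KEYWORD FILE
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# True when the path is writable by group or others. With the default
# StrictModes yes, sshd refuses to use authorized_keys in that case.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Print one line per finding; return 1 if there was any.
audit_ssh() {  # usage: audit_ssh SSH_DIR SSHD_CONFIG
    found=0
    for p in "$1" "$1/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; found=1
        elif loose "$p"; then echo "LOOSE_PERMS $p"; found=1
        fi
    done
    # An absent keyword means the built-in default: both of these default to yes.
    [ "$(sshd_opt PubkeyAuthentication "$2")" != no ] || { echo PUBKEY_DISABLED; found=1; }
    [ "$(sshd_opt PasswordAuthentication "$2")" = no ] || { echo PASSWORD_LOGIN_ENABLED; found=1; }
    # The PermitRootLogin default varies by release, so flag only an explicit yes.
    [ "$(sshd_opt PermitRootLogin "$2")" != yes ] || { echo ROOT_LOGIN_ENABLED; found=1; }
    return "$found"
}

# Constructed sample: a scratch directory stands in for ~/.ssh and sshd_config.
demo() {
    t=$(mktemp -d) && mkdir "$t/.ssh" && chmod 700 "$t/.ssh"
    echo "ssh-rsa AAAA...constructed user@local" > "$t/.ssh/authorized_keys"
    chmod 666 "$t/.ssh/authorized_keys"    # deliberately too open
    printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
        '#PasswordAuthentication no' > "$t/sshd_config"
    status=0; audit_ssh "$t/.ssh" "$t/sshd_config" || status=$?
    rm -rf "$t"; return "$status"
}

# Real use: sh audit.sh ~/.ssh /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then audit_ssh "$1" "$2"; fi
```

On the constructed sample, demo reports the world-writable authorized_keys file and the still-enabled password login, because a commented-out PasswordAuthentication line leaves the default in force.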
P.S.: This tutorial was adapted from “Shortest passwordless ssh tutorial, ever”, with updated notes for the latest OpenSSH release.


October 27th, 2010 at 12:51 am
You may want to check out ssh-copy-id. It simplifies the transfer of your public key.