Table of Contents
In this article, I will take you through 6 Simple Steps to setup passwordless ssh login using ssh keygen. SSH is a network protocol that allows one computer to connect to another computer over an unsecure network like Internet.Without encryption,data transfer over the Internet in a plain text form makes it easier for somebody to intercept important information like user name and password and then use it.However ssh provides a mechansim where all the data will be encrypted through a tunnel and hence allows you to connect to a remote machine securely, transfer data securely and even allow you launch command for the remote machine safely.
What is SSH
SSH is also known as secure shell or secure socket shell protocol which is mainly used to connect to remote server securely. ssh connection by default always happens on port 22. Although you have an option to change this port from sshd_config configuration file but usually it is not recommended to.
Types of SSH Authentication
- Password Based Authentication
- Key Based Authentication
How SSH Keygen Authentication Works ?
SSH primarily works on a Client Server Model. In this model, you will have a public/private key pair which can be generated through tools like ssh keygen on linux. Then your public key will always be stored in Server and client which is usually a computer makes contact with ssh server and provide id of the key pair it wants to prove his identity. The ssh server then creates a challenge which is encrypted by the public key and sent back to the client.You as a client then take back the challenge decrypt it with the private key and send original channel back to ssh server. Once the negotiation is complete,connection is established now between client and server successfully.
What is SSH without password login ?
SSH without password login means whenever you try to login to remote server using secure shell(ssh), you need not to be given any ssh password. This is mostly required when you want to perform some task on multiple servers by connecting the servers through ssh.
What is SSH Keygen
As per ssh keygen man page, ssh-keygen generates, manages and converts authentication keys for ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1 and 2. Protocol 1 should not be used and is only offered to support legacy devices. It suffers from a number of cryptographic weaknesses and doesn’t support many of the advanced features available for protocol 2.
What is SSH keygen RSA login algorithm ?
It means ssh keygen tool uses rsa login algorithm to generate public/private rsa login key pair. As per RSA Documentation, The Rivest-Shamir-Adleman public-key algorithm (RSA) is the most widely used asymmetric cipher. It derives its security from the difficulty of factoring large integers that are the product of two large primes of roughly equal size. Factoring is widely believed to be intractable (i.e., infeasible, admitting no efficient, polynomial-time solution), although this isn’t proven. RSA can be used for both encryption and signatures.
What is SSH key login ?
This is another method of authentication in which you do not require any password to be given for authentication. It will be based on private key authentication where you already have public key added to your server.
Passwordless SSH Login using SSH keygen
Also Read: How to Install or Enable ssh on ubuntu
Step 1: Prerequisites
Ubuntu 18.04: 192.168.0.105
CentOS 7: 192.168.0.106
Step 2: Create Authentication Keys using SSH keygen RSA
In the beginning you need to create a public/private key pair using rsa algorithm by running ssh-keygen -t rsa
command.
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8jmxYUbWNBkEKZzrn/gMoRYjYOWOaoNxfeBwn135edw root@localhost
The key's randomart image is:
+---[RSA 2048]----+
| . . ..+=o |
| o + .o.o |
|....o oo + |
|..o= o.= . . o . |
|..o.=.* S o o E|
|oo . =.* = . |
|oo o .o=. |
|. .. .oo. |
| .o |
+----[SHA256]-----+
If you want to check all the cipher supported by ssh, you can check that by running ssh -Q cipher
command.
[root@localhost ~]# ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
If you want to check all the Key supported by ssh, you can check that by using ssh -Q key
command.
[root@localhost ~]# ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
Step 3: Create .ssh directory on remote Server
Now you need to create a hidden .ssh directory under user home directory in remote server using ssh test@192.168.0.105 mkdir -p .ssh
command. Notice that here user home directory will be /home/test
directory under which .ssh directory will be created.
[root@localhost ~]# ssh test@192.168.0.105 mkdir -p .ssh
test@192.168.0.105's password:
You can go to remote server and verify if .ssh directory created under /home/test directory or not.
test@localhost:~$ pwd /home/test test@localhost:~$ ls -lrtd .ssh/ drwx------ 2 test test 4096 Jan 12 18:38 .ssh/
Step 4: Copy Public Key to remote Server SSH authorized_keys
Once .ssh directory created, now you need to copy your public key to a file known as authorized_keys
under .ssh directory in the remote server as shown below.
[root@localhost ~]# cat ~/.ssh/id_rsa.pub | ssh test@192.168.0.105 'cat >> .ssh/authorized_keys'
test@192.168.0.105's password:
Step 5: Set SSH key Permissions on Remote Machine
Once public key is copied, you need to make sure appropriate permission are assigned to the file ssh authorized_keys.
[root@localhost ~]# ssh test@192.168.0.105 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
Step 6: Check passwordless ssh login authentication to Remote Server
Once permission is also changed, it is now time to test the ssh without password authentication. To do that run ssh test@192.168.0.105
command. Here you can notice that there is no password authentication now requires to connect to remote Server. You are directly login as test User to the remote machine.
[root@localhost ~]# ssh test@192.168.0.105
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 5.0.0-37-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
* Overheard at KubeCon: "microk8s.status just blew my mind".
https://microk8s.io/docs/commands#microk8s.status
* Canonical Livepatch is available for installation.
- Reduce system reboots and improve kernel security. Activate at:
https://ubuntu.com/livepatch
116 packages can be updated.
1 update is a security update.
Your Hardware Enablement Stack (HWE) is supported until April 2023.
Last login: Sun Jan 12 18:17:00 2020 from 192.168.0.106
test@localhost:~$
Popular Searches
- ssh without password
- ssh password
- rsa login
- key login
Also Read: Shell Script to check CPU or Memory Consuming Processes