{"id":5512,"date":"2021-04-02T18:07:14","date_gmt":"2021-04-02T18:07:14","guid":{"rendered":"https:\/\/linuxways.net\/?p=5512"},"modified":"2021-04-04T11:19:47","modified_gmt":"2021-04-04T11:19:47","slug":"how-to-set-up-passwordless-ssh-authentication-on-linux","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-set-up-passwordless-ssh-authentication-on-linux\/","title":{"rendered":"How to set up passwordless SSH Authentication on Linux"},"content":{"rendered":"

Passwords are becoming vulnerable with the ever-evolving cybersecurity environment. No more than ever, systems are becoming prone to brute-force attacks. Users are also making it easy for hackers to infiltrate their systems by securing systems with weak and often guessable passwords. 2 Factor authentication is now commonplace and it provides an extra layer of protection using OTP codes to ensure that it\u2019s actually the user logging into the system.<\/p>\n

Another way you can secure your server is by setting up passwordless SSH authentication on your server. This uses public-key SSH authentication where an SSH key pair is generated on the local system. The key pair is made up of a private and a public SSH key. The private key remains on the local system whilst the public key is uploaded to the remote system. During authentication, a key exchange occurs between the public key saved on the remote system and the private key on the local system. Subsequent connections are thus secured and no password will be required.<\/p>\n

In this guide, we take you through how to configure password SSH authentication in 3 simple steps.<\/p>\n

Passwordless SSH setup Lab<\/strong><\/h2>\n

For demonstration purposes, we will use the following lab setup:<\/p>\n

Local Linux system - 192.168.2.104<\/pre>\n
Remote Linux system - 192.168.2.108<\/pre>\n
It would be prudent to also ensure that you can access the remote system from your local system using SSH password authentication.<\/p>\n
Let\u2019s get started!<\/p>\n
Step 1. Generate SSH key pair<\/strong><\/h2>\n
Right off the bat, we will generate an SSH key-pair which will be stored in the home directory. So, invoke the ssh-keygen <\/strong>command as shown. Here, we are creating a 4096-bit key pair.<\/p>\n
$ ssh-keygen -b 4096<\/strong><\/pre>\n
Accept the defaults by simply pressing ENTER. You can find the SSH key pair in the ~\/.ssh <\/strong>directory which is a hidden directory in your home folder.<\/p>\n
<\/strong><\/p>\n
Just to be cocksure use the ls command to check the presence of the SSH keys.<\/p>\n
$ ls .ssh<\/strong><\/pre>\n
The private key is denoted by id_rsa <\/strong>while id_rsa.pub <\/strong>is the public key. These are cryptographic keys that are encrypted. We will, later on, copy the public key to the remote system.<\/p>\n
<\/p>\n
Step 2. Copy the SSH key pair to the remote system<\/strong><\/h2>\n
Next, you need to copy and save the public key to the remote Linux system. Why are we doing this? In public-key authentication, an authentication handshake takes place between the public key on the remote system and the private key residing on the local system. This ensures that all subsequent traffic between the local host system and the remote system is encrypted.<\/p>\n
To copy the SSH public key, run the ssh-copy-id<\/strong> command as follows.<\/p>\n
$ ssh-copy-id user@remote-ip<\/strong><\/pre>\n
In our case, this will be:<\/p>\n
$ ssh-copy-id james@192.168.2.102<\/strong><\/pre>\n
To continue connecting, type \u2018Yes\u2019 and press ENTER. Thereafter, provide the password to the remote system to log in and copy the SSH public key.<\/p>\n
The public SSH key is added to a unique file called authorized_keys<\/strong> in the home directory of the user account you are logging into. The full path to this file is ~\/.ssh\/authorized_keys<\/strong><\/p>\n
<\/p>\n
After successfully copying the SSH key, you can now log in to the remote system using the public key authentication as follows.<\/p>\n
$ ssh james@192.168.2.102<\/strong><\/pre>\n
From the snippet below, you can see that we have logged in to the remote system without even being prompted for a password. Awesome!<\/p>\n
<\/p>\n
As mentioned earlier, the public key is saved in the ~\/.ssh\/authorized_keys <\/strong>path.<\/p>\n
<\/p>\n
Step 3. Disable password authentication (Optional)<\/strong><\/h2>\n
If you want to boost the security of your remote system, you might want to consider disabling password authentication. In doing so, you ensure that you are the only one who can access the system using the private key sitting on your local system. The key should always be a top secret. Never share it with anyone lest your system becomes compromised.<\/p>\n
On the remote host, open access the \/etc\/sshd_config<\/strong> file a shown.<\/p>\n
$ sudo vim \/etc\/sshd_config<\/strong><\/pre>\n
Locate the PasswordAuthentication <\/strong>parameter and set it to no<\/strong> as shown.<\/p>\n
<\/p>\n
Next, ensure that Public Key authentication is enabled as shown.<\/p>\n
<\/p>\n
For the changes to persist, perform a restart of the SSH service as follows.<\/p>\n
$ sudo systemctl restart ssh<\/strong><\/pre>\n
To demonstrate that password authentication is disabled, we will try and access the server using the Putty SSH client. Provide the remote system\u2019s address and hit \u2018Open\u2019<\/p>\n
<\/p>\n
Provide the remote username and hit ENTER. This time around, you get an authentication since we disabled password authentication.<\/p>\n
<\/strong><\/p>\n
Conclusion<\/strong><\/h2>\n
Public key authentication is a tamperproof way of connecting and hardening your server. It eliminates attack vectors such as brute force password attacks which are ominous when your system has password authentication.<\/p>","protected":false},"excerpt":{"rendered":"
Passwords are becoming vulnerable with the ever-evolving cybersecurity environment. No more than ever, systems are becoming prone to brute-force attacks. Users are also making it easy for hackers…<\/p>","protected":false},"author":1,"featured_media":5569,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[21,100],"class_list":["post-5512","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-ssh","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/5512","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=5512"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/5512\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/5569"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=5512"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=5512"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=5512"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}