SSH is a protocol that users and admins use to communicate with their Linux servers. In this post we created an initial setup for the server, and you could try connecting to it over SSH. We used a username and password. Now I will show you how to connect to the server without a password.
Remember: you will still need the password to run sudo commands if you are a regular user.
1. Creating Key-Pair
The first step is to create a new key pair. You can create one by typing:
ssh-keygen -t ed25519 -C "<comment>"
The -C flag, with a quoted comment such as an email address, is an optional way to label your SSH keys.
#output
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/emma/.ssh/id_ed25519):
Press Enter to save the key pair into the .ssh/ subdirectory of your home directory, or specify another path.
If a key with the same name already exists in that path, you will be asked whether you want to overwrite it.
# output
/home/emma/.ssh/id_ed25519 already exists.
Overwrite (y/n)?
If you select y, the existing key will be overwritten and you will no longer be able to authenticate with the old key. It is better to back up the old key first, because this operation is not reversible.
#output
Your identification has been saved in /home/emma/.ssh/id_ed25519.
Your public key has been saved in /home/emma/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:xam3E39l3ZBUfBNiXmzJoK/iOwIPk4Hq1oOT6NZSh1U emma
The key's randomart image is:
+---[RSA 2048]----+
| +==+|
| E . .+.oBo|
| . . +. .+ o|
| . o o . .o|
| . o o S o . =|
| . o * . +. o |
|o * . = .o.. . |
|.O + o.... . |
|+.o . .oo |
+----[SHA256]-----+
You now have two keys, a public one and a private one, that you can use to authenticate.
2.1. Copy SSH key to your server
The fastest method is to use ssh-copy-id. This will copy all your public keys to your server.
ssh-copy-id username@remote_host
This will add the public key to ~/.ssh/authorized_keys.
2.2. Manually adding ssh keys
This can also be done manually. You just need to copy the content of /home/emma/.ssh/id_ed25519.pub to the ~/.ssh/authorized_keys file on the server. Each key goes on its own line.
Display the content of your key:
cat /home/emma/.ssh/id_ed25519.pub
Log in to your remote server and check whether your ~/.ssh folder exists. If it does not, create it:
mkdir -p ~/.ssh
Next, create or modify authorized_keys and add the content of your id_ed25519.pub key.
Finally, remove all permissions for group and other by running the following command:
chmod -R go= ~/.ssh
This command removes them recursively.
2.3. Add SSH keys by script using cat
You can also use cat to copy the key. The full command looks like this:
cat ~/.ssh/id_ed25519.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
Credits go to DigitalOcean.
After this setup, you can access the server without a password.
3. Disable password authentication
Once you can connect to the server without a password, you can edit the SSH configuration to disable password authentication. To do this you need root privileges. Log in to your server and type:
sudo nano /etc/ssh/sshd_config
Inside this file, search for the PasswordAuthentication directive. If you are using nano, you can search by pressing Ctrl+W. Set the value to no and remove the leading #.
. . .
PasswordAuthentication no
. . .
Press Ctrl+X, then Y to save the content of the file, and finally press ENTER.
To apply the changes we need to restart the SSHD service. Do this by typing:
sudo systemctl restart ssh
Open a new window and try to connect to your server
ssh emma@your_server_ip
emma is the user used for this tutorial. If it goes well and you can connect, you are done. You can close all connections to the server.
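A check for the edit in step 3, added here as an example and not part of the original post: it reports which PasswordAuthentication value applies globally, covering the cases where the # was left in place, an earlier line wins, or the directive sits only inside a Match block. The function name effective_password_auth and the sample configs are made up for this illustration; it reads a single file and does not follow Include lines.

```shell
#!/bin/sh
# Added example, not from the original post.
# Print the PasswordAuthentication value that applies globally in an
# sshd_config read from the file argument (or stdin). sshd uses the first
# value it finds for a keyword; with no active line the default is "yes".
effective_password_auth() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }      # blank or still commented out
        # keyword and value are separated by blanks or "="
        { n = split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # conditional blocks start here
        key == "passwordauthentication" && n >= 2 { print f[2]; found = 1; exit }
        END { if (!found) print "yes" }
    ' "$@"
}

# Constructed sample configs (not taken from a real server).
sample_still_commented() {
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes'
}
sample_duplicate() {
    printf '%s\n' 'PasswordAuthentication yes' 'UsePAM yes' 'PasswordAuthentication no'
}
sample_match_only() {
    printf '%s\n' 'Match User emma' '    PasswordAuthentication no'
}
sample_correct() {
    printf '%s\n' '# edited as in step 3' 'PasswordAuthentication no'
}

for s in sample_still_commented sample_duplicate sample_match_only sample_correct; do
    printf '%-24s -> PasswordAuthentication %s\n' "$s" "$($s | effective_password_auth)"
done
```

On the server itself, sudo sshd -t validates the configuration file before the restart, and sudo sshd -T prints the settings sshd will actually use.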
At the end
You have now enabled key-only authentication to the server, which is more secure than using a password. Keep the private key protected and don't give it to anyone.
Stay safe, ✌ peace