SSH login without password

From PCLinuxOS Knowledgebase
Jump to navigation Jump to search
  • Relevant to all editions of PCLinuxOS.

To log in to a remote Linux system using SSH without a password, you can set up SSH key-based authentication. This method allows secure access using a pair of cryptographic keys: a public key (stored on the remote machine) and a private key (stored on the client). Here’s how to set it up:

Steps to Set Up SSH Login Without Password

Generate SSH Key Pair on the Client Machine

If you don’t already have an SSH key pair, you can generate one using the following command on the client (your local machine): 

ssh-keygen -t rsa -b 4096
  • -t rsa`: Specifies the type of key, in this case, RSA.
  • -b 4096`: The number of bits in the key. 4096 is a strong option for RSA.

You'll be prompted for a location to save the key:

  • The default location is `~/.ssh/id_rsa` for the private key and `~/.ssh/id_rsa.pub` for the public key. Press Enter to accept the default.

You'll also be prompted for a passphrase. If you want to log in without entering anything, leave this blank and press Enter.

Copy the Public Key to the remote machine

To enable key-based authentication, you need to copy your public key to the remote machine. The easiest way to do this is by using the `ssh-copy-id` command: 

ssh-copy-id username@remote_machine

Replace `username` with your actual username on the remote machine and `remote_machine` with the IP address or hostname of the remote machine.

This will copy the content of `~/.ssh/id_rsa.pub` to the `~/.ssh/authorized_keys` file on the remote machine, setting up the authentication mechanism.

You will need to enter your password for the last time while setting up.

Alternatively, you can manually copy the public key using `scp`: 

scp ~/.ssh/id_rsa.pub username@remote_machine:/home/username/.ssh/authorized_keys

Set Permissions on the remote machine

Ensure the correct file permissions on the remote machine for SSH to work:

  • The `.ssh` directory on the remote machine should have permissions set so only the owner can access:
chmod 700 ~/.ssh
  • Similarly the `authorized_keys` file should have read/write permissions for the owner only:
 chmod 600 ~/.ssh/authorized_keys

Test SSH Login Without Password

Now, try logging into the remote machine without a password: 

ssh username@remote_machine

If everything is set up correctly, you should be logged in without being prompted for a password.

(Optional) Disable Password Authentication

To make your remote machine more secure, you can disable password-based authentication entirely after ensuring that SSH key-based login is working.

Edit the SSH configuration file on the remote machine (as root): 

nano /etc/ssh/sshd_config

Look for the following lines and change them to: 

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

After making these changes, restart the SSH service (as root): 

service sshd restart

Additional Notes

  • Private Key Security: Never share your private key (`id_rsa`). Keep it secure, as it allows access to your remote machines.
  • Passphrase: If you set a passphrase when creating your key pair, you'll be prompted for it each time you use your key. To avoid this, you can use an SSH agent to cache the passphrase:
    • Start the SSH agent: `eval "$(ssh-agent -s)"`
    • Add your key to the agent: `ssh-add ~/.ssh/id_rsa`

Conclusion

SSH key-based authentication is a more secure and convenient way to log into remote Linux machines without needing to enter a password every time. It’s especially useful for automating tasks and securing remote access.

Retrieved from "https://pclosusers.com/wiki/index.php?title=SSH_login_without_password&oldid=1060"