SSH is a protocol that users/admins can use to communicate with their Linux servers. In this post we created an initial setup for the server and you can try how to connect to the server over SSH. We have used a username and password. Now I show you how to connect to the server without a password
Remember - the password you will need for running Sudo commands if you are a regular user.
1. Creating Key-Pair
The first step is to create a new key pair. You can create one by typing
ssh-keygen -t ed25519 -C "<comment>"
The -C flag, with a quoted comment such as an email address, is an optional way to label your SSH keys.
#output Generating public/private ed25519 key pair. Enter file in which to save the key (/home/emma/.ssh/id_ed25519):
Press enter to save the key pair into the .ssh/ subdirectory in your home directory or you can specify another path.
If in your path are already exists key with the same name you will be asked if you want to overwrite it.
# output /home/emma/.ssh/id_ed25519 already exists. Overwrite (y/n)?
If you select
y existing key will be overwritten and you will not be able to authenticate with the old key anymore. Better is backup this key because this operation is not reversible.
#output Your identification has been saved in /home/emma/.ssh/id_ed25519. Your public key has been saved in /home/emma/.ssh/id_ed25519.pub. The key fingerprint is: SHA256:xam3E39l3ZBUfBNiXmzJoK/iOwIPk4Hq1oOT6NZSh1U emma The key's randomart image is: +---[RSA 2048]----+ | +==+| | E . .+.oBo| | . . +. .+ o| | . o o . .o| | . o o S o . =| | . o * . +. o | |o * . = .o.. . | |.O + o.... . | |+.o . .oo | +----[SHA256]-----+
You now have two keys public and private one that you can use to authenticate.
2.1. Copy SSH key to your server
The fastest method is to use
ssh-copy-id. This will copy all your public keys to your server.
This will add the public key to
2.2. Manually adding ssh keys
This can be done manually. Just need to copy the content of
/home/emma/.ssh/id_ed25519.pub to this file. Each key goes to a new row.
Display contentof your key
Login to your remote server. Check if your ‘~/.ssh` folder exists. If yes then OK if no we need to create it
mkdir -p ~/.ssh
Next, create or modify
authorized_keys and add their content of your
Finally, remove all permission for
other by running following command
chmod -R go= ~/.ssh
This command removes it recursively.
2.3. Add SSH keys by script using CAT
you can use
cat to copy. Full command looks like
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
Credits go to DigitalOcean.
After this setting, you can access the server without a password.
3. Disable password authentication
If you can connect to the server without a password you can edit the ssh configuration to disable password authentication. To do this you need to have
root privileges. To login to your server and type
sudo nano /etc/ssh/sshd_config
Inside this file search directive
PasswordAuthentication. If you are using nano you can search by pressing
Ctrl+w. Set the value to
no and remove
. . . PasswordAuthentication no . . .
. to save the content of the file and finally press ENTER`.
To apply changes we need to restart the
SSHD service so do this by typing:
sudo systemctl restart ssh
Open a new window and try to connect to your server
Emma is the user used for this tutorial. If it goes well and you can connect you are done. You can close all connections to the server.
At the end
You have now enabled keys only authentication to the server which is more secure than using a password. Keep the private key protected and don’t give them anyone.
Stay safe, ✌ peace