SSH stands for Secure Shell, which is a coded network protocol. Its purpose is to establish a safe connection between the client and the server, and it uses different authentication systems to achieve that. Most notably, there is a key authentication system and a password authentication system.
You can actually set up an SSH login on a Linux server which requires no password. However, you do need a key, but you get it from the OpenSSH utility package. This provides you with a key generator on your local computer.
You can then copy a public key to the server which is remote and provide identities for your authentication agent. This all sounds complicated, but you will soon see that it isn’t.
SSH Login Without a Password
What you need for a Secure Shell login without a password is a generated public authentication key. This key needs to be appended to the file of the remote host: ~/.ssh/authorized_keys.
Here are the detailed steps for setting up an SSH login without a password.
Try to Find an Existing Secure Shell Key Pair
You need to run this command and check if there are SSH keys that already exist:
$ ls -al ~/.ssh/id_*.pub
This is necessary because, if there are already SSH keys, you will override them once you generate a new one. In case you have them, you can use them and skip the next step. Alternatively, you can back them up and still generate new ones.
You can proceed to generate a new key if you see messages that say that there are no matches found or that no such directory or file exists.
Make a New Secure Shell Key Pair
You can generate a new SSH key pair with 4096 bits and send it to your email address using this command:
$ ssh-keygen -t rsa -b 4096 -C “email@example.com”
Then tap on Enter and accept the default name and location of the file.
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa).
After that, you can set a password through an SSH key generator tool. You don’t have to do it, but a password would improve your security. Anyway, system admins and developers usually use passwordless Secure Shell for completely automating a process.
If you decide to go without a password, tap on Enter.
Enter passphrase (empty for no passphrase).
You can check your generated SSH keys by listing your brand new public and private keys with this command:
$ ls ~/.ssh/id_*
Copy the Server Public Key
Once you have made an SSH key pair, you need a public key of the server you would like to manage. You are doing this so you can log in to your server without using any password.
You can copy a public key to your server using this command:
$ ssh-copy-id remote_username@server_ip_address
You will then get a message telling you to type in the remote_username password:
When you get authentication, the remote user file (authorized_keys) will get the public key appended. The connection will then close down.
Just in case you can’t use the ssh-copy-id utility on your PC, use this command to copy the public key:
$ cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address “mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys”
Logging In Without a Password
Finally, you are ready to log in to your server, and you won’t need a key or password for it. Try it with the following command:
$ ssh remote_username@server_ip_address
You should get an instant login if you did everything right.
Remove the SSH Authentication
For added security, you could remove SSH authentication via password. Don’t confuse this with your server’s login password. Actually, prior to this step, you need to ensure you have server access without a password and that your user has sudo privileges.
Using SSH keys, log in to the remote server. Do it is a sudo privileged user:
$ ssh remote_username@server_ip_address
You need to enter the Secure Shell config file /etc/ssh/sshd_config, and try to find these directives, changing them exactly like this:
When you are finished, save this file and reboot the Secure Shell service. You can restart it with this command on Debian and Ubuntu servers:
$ sudo systemctl restart ssh
On Fedora or CentOS servers, use this command:
$ sudo systemctl restart sshd
No Password No Worries
Now you know how to set up SSH authentication using a key without any user password for remote server login. Did you know you can add a single key on more than one remote server? Additionally, you can remove SSH authentication with a password and improve your server security in the process.
Why do you want to set up SSH authentication without a key or password? Have these instructions helped you achieve your goal? Let us know in the comments below.