How to set up Passwordless SSH in Linux?
This tutorial explains how to set up passwordless SSH.
SSH is a protocol that lets a client communicate with a server in an encrypted manner. It has replaced the telnet protocol, which was not secure at all. Almost all Linux system admins know about it, because they use it to connect to Linux servers, as physical access to the servers is very limited.
SSH is installed by default on most Linux distributions, & accessing a server through ssh is very easy. You use the following command
$ ssh {Server IP address or FQDN}
and then you enter the credentials. But in this tutorial, we will learn to access an ssh session securely with the help of Public/Private key authentication, aka passwordless ssh setup. The advantages of using Public/Private key authentication are
- You won’t be asked for a password every time you access the server (unless you are using a passphrase to decrypt the keys)
- No one can gain unauthorized access to your server unless they have the right key.
Now let’s create Public/Private keys for passwordless ssh setup to access our servers.
Setup PasswordLess SSH
Creating keys on the Local machine
Remember that keys are to be created on each host that you wish to gain access from. So if there are 10-20 hosts from which you want to access a server, you must create keys on all those 10-20 hosts.
To create keys, run the following command
$ ssh-keygen -t rsa
It will then ask you to select a location for the generated keys. By default, the keys will be stored in ~/.ssh, which is a hidden directory in your home folder (for example /home/dan/.ssh). The private key will be called id_rsa and the associated public key will be called id_rsa.pub.
It will also ask you to enter a passphrase, which is used to decrypt the keys. If you don’t wish to use a passphrase, just leave it empty & press enter, or else provide a passphrase.
Next, set permissions on your private keys,
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa
Configuration on Remote Server
Now copy the public key (id_rsa.pub) to the remote server & place it in the /home/user/.ssh/authorized_keys file. Now that the public key has been imported to the server, remove it from the local machine.
Next, we also have to set permissions on the server
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
All the settings for Public/Private keys authentication are now complete.
Testing the Public/Private keys authentication
Now log back into the local machine to access the server & enter
$ ssh {Server IP address or FQDN}
& hit enter. You will notice that you won’t be asked for the credentials & are logged directly into the server.
Once you have tested your passwordless ssh setup, you can also disable password authentication so that everyone uses only keys to access the server, thus making your servers more secure. To disable password authentication, open /etc/ssh/sshd_config & change the following parameter
PasswordAuthentication no
That’s it, this completes our tutorial on how to set up passwordless SSH on Linux machines.
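The permission and PasswordAuthentication settings from the steps above can be checked with a short script. This is an added example, not part of the original tutorial; the function names are made up for illustration, and Match blocks and Include files in sshd_config are not followed.

```shell
#!/bin/sh
# Added example: audit the file modes and sshd setting used in this tutorial.
# Function names are illustrative; paths are arguments so a scratch copy works.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_mode PATH EXPECTED: succeed only if PATH exists with exactly that mode.
check_mode() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    actual=$(mode_of "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK      $1 ($actual)"
    else
        echo "BAD     $1 is $actual, expected $2"
        return 1
    fi
}

# audit_ssh_dir DIR FILE: DIR must be 700 and DIR/FILE must be 600.
# FILE is id_rsa on the local machine, authorized_keys on the server.
audit_ssh_dir() {
    rc=0
    check_mode "$1" 700 || rc=1
    check_mode "$1/$2" 600 || rc=1
    return "$rc"
}

# password_auth_setting CONFIG: print the global PasswordAuthentication value.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the default is "yes" when the keyword is absent.
# Simplification: stops at the first Match block, does not follow Include.
password_auth_setting() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line)
          split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key ~ /^#/ { next }
        key == "match" { exit }
        key == "passwordauthentication" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Usage:
#   audit_ssh_dir "$HOME/.ssh" id_rsa
#   password_auth_setting /etc/ssh/sshd_config
```

A result of "yes" from password_auth_setting means password logins are still accepted, including when only a commented-out line is present.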