Connecting to SSH without using a password

Post by Edge100x »

To connect to the terminal of a Linux machine remotely through SSH without entering a password, you can create a set of cryptographic keys.

If you'd like to access a Linux server from a Windows client using a key in PuTTY, you can do it with these steps:
  1. Download puttygen.exe from the PuTTYgen website, and run it.
  2. Under "Parameters", select the "ed25519" option.
  3. Click the "Generate" button and follow the instructions to generate some randomness.
  4. At the top, it will show you a public key that you can paste into the authorized_keys file. Select the entire contents of this field with your mouse, then right-click and click Copy.
  5. Open an SSH connection to the Linux server (host) that you wish to log into in the future and make sure that the logged-in user is the same one that you wish to use in the future.
  6. Open the ~/.ssh/authorized_keys file in your favorite text editor. For instance, nano ~/.ssh/authorized_keys.
  7. Paste the key from step # 4 as a new line at the end of the ~/.ssh/authorized_keys file. If the file doesn't exist, create it. If the folder doesn't exist, create it.
  8. Save the changed ~/.ssh/authorized_keys file.
  9. Back in puttygen.exe, click "Save private key" and enter the name "ed25519.ppk" (or your desired name). Click "Save public key" and enter a different name, such as "ed25519-public.key". puttygen.exe may ask if you are sure that you wish to save without a passphrase; click "Yes" (unless you'd rather go back and set one).
  10. Close puttygen.exe.
  11. Open your normal PuTTY client.
  12. In the left-hand "Category:" tree, expand the "SSH" option under "Connection". Then, click "Auth".
  13. Under the "Private key file for authentication:" field, click "Browse..." and select the private key that you saved earlier.
  14. In the left-hand "Category:" tree, click "Session".
  15. Enter your username and the hostname of the server into the "Host Name" box. For instance, "user@your.server.ip".
  16. Enter a name for your new connection in the blank field under "Saved Sessions" and click "Save".
Now, whenever you open PuTTY, you can simply double-click the entry in the list for the name that you chose in the last step, and your client will log in for you.

Or, you can generate a key that you can use to access a Linux server from a Linux client:
  1. Open an SSH connection on the Linux system that will be the client, and make sure that the logged-in user is the same one that you wish to use in the future.
  2. Enter this command:

    ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519

    When it asks for a passphrase, you can choose to enter one or leave it blank. Using a passphrase is more secure, but it adds a manual entry step during the connection phase.
  3. Show the contents of the file that you just created:

    cat ~/.ssh/id_ed25519.pub
  4. Open an SSH connection to the Linux server (host) that you wish to log into in the future and make sure that the logged-in user is the same one that you wish to have log in.
  5. Open the ~/.ssh/authorized_keys file in your favorite text editor.
  6. Copy the key from step # 3 and paste it in as a new line at the end of the ~/.ssh/authorized_keys file.
  7. Save the changed ~/.ssh/authorized_keys file.
After you do this, you can log in from the client to the second server with a single line, such as "ssh user@your.server.ip" -- you won't be asked for a password (unless you chose a passphrase). This is particularly useful for automation.

After you set up your clients and server to use SSH keys, it's best to change your password on the server to something even more complex than it was before. Since the password will only be used very rarely, you don't need it to be easy to type or remember!

To take security a step further, you can make it so that your Linux server only accepts remote SSH logins that use generated keys. If you do this, you won't be able to log in with a password, but you can still log in through the VNC console on a VDS. We recommend this, but only after you've made sure that your SSH key setup is working properly.
  1. Open an SSH session to your Linux server.
  2. In your favorite text editor, open the /etc/ssh/sshd_config file.
  3. Look for a line that starts with "#PasswordAuthentication" or "PasswordAuthentication". Change it to be this:

    PasswordAuthentication no
  4. Look for a line that starts with "#ChallengeResponseAuthentication" or "ChallengeResponseAuthentication". Change it to be this:

    ChallengeResponseAuthentication no
  5. Save the file.
  6. Reboot your VDS, or restart/reload the OpenSSH server (each distribution has a different way of doing this; on Gentoo, for instance, the command is /etc/init.d/sshd reload).
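
The authorized_keys steps from both procedures above (paste the key, creating the file and folder if needed), written as a script. This is an added example, not part of the original post; the function name install_pubkey and the sample key are made up for illustration. It also applies the permissions sshd checks for and rejects input that is not a one-line OpenSSH public key.

```shell
#!/bin/sh
# Added example: install one public key line into authorized_keys, once.
# Usage: install_pubkey "<public key line>" [ssh_dir]   (default: ~/.ssh)
install_pubkey() {
    key=$1
    dir=${2:-"$HOME/.ssh"}
    file="$dir/authorized_keys"

    # authorized_keys wants ONE line: "type base64 [comment]". The multi-line
    # file written by PuTTYgen's "Save public key" button is a different
    # format; use the text from the box at the top of the window instead.
    case $key in
        *"PRIVATE KEY"*) echo "refusing: that is a private key" >&2; return 2 ;;
        *"
"*) echo "refusing: key must be a single line" >&2; return 2 ;;
    esac
    case $key in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # With StrictModes (on by default) sshd ignores authorized_keys when the
    # file or its directory is writable by other users.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Exact whole-line match, so running this twice adds nothing.
    if grep -qxF -- "$key" "$file"; then
        return 0
    fi
    # Do not glue the new key onto an existing last line without a newline.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"
}

# Constructed demo in a scratch directory (the key below is not a real key).
scratch=$(mktemp -d)
install_pubkey 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal user@client' \
    "$scratch/.ssh" && ls -l "$scratch/.ssh"
rm -rf "$scratch"
```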
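
A check for the sshd_config edit in the last procedure, as an added example that is not part of the original post; the function names are made up for illustration. sshd keeps the first value it reads for a keyword, so the script reports what the global section of a file actually sets, treats KbdInteractiveAuthentication (the name newer OpenSSH releases use for ChallengeResponseAuthentication) as the same setting, and refuses to decide when an Include line comes first.

```shell
#!/bin/sh
# Added example: does this sshd_config really turn password logins off?
# A "yes" earlier in the file, or in a file pulled in by an earlier Include,
# beats a "no" added further down.

# effective_value <name[|alias]> <config-file>
# Prints the first global value, "include" if an Include line comes first,
# or "unset" if the keyword never appears before the first Match block.
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        { k = tolower($1) }                      # keywords are case-insensitive
        k == "match"   { exit }                  # end of the global section
        k == "include" { print "include"; done = 1; exit }
        k ~ ("^(" want ")$") { print tolower($2); done = 1; exit }
        END { if (!done) print "unset" }
    ' "$2"
}

# password_logins_disabled <config-file>
# Exit status 0 only when both settings from the post are explicitly "no".
password_logins_disabled() {
    pw=$(effective_value 'PasswordAuthentication' "$1")
    kbd=$(effective_value \
        'KbdInteractiveAuthentication|ChallengeResponseAuthentication' "$1")
    echo "PasswordAuthentication=$pw keyboard-interactive=$kbd"
    [ "$pw" = "no" ] && [ "$kbd" = "no" ]
}

# Constructed sample: the "no" on the last line loses to the earlier "yes".
demo=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' > "$demo"
password_logins_disabled "$demo" || echo "password logins are still possible"
rm -f "$demo"
```

On the server itself, `sshd -t` checks the edited file for syntax errors before you reload, and `sshd -T` prints the settings sshd will actually use, including anything pulled in through Include.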