Configure SSH for passwordless access


SSH, or Secure Shell, is a protocol used for remote access from all kinds of devices to servers over a tunnelled, encrypted channel, which prevents third parties from intercepting the username or password, or at least makes it extremely difficult. On *nix systems this protocol is available through OpenSSH, a set of client-server tools available in all Linux distributions and related platforms such as *BSD.

Now, if SSH offers such an excellent level of security, why would we want to use it without entering a password? There may be several reasons, but the one that most commonly comes up is the need to log in remotely from scripts and perform superuser tasks, since, as we well know, it is not advisable to put that data in any script. To solve this problem we are going to see how to generate SSH keys so that we can log in remotely without a password.

This requires us to generate a public key and a private key. The first is stored on the server we are going to access and, as its name indicates, we can send or share it. The second is stored on the device (computer, smartphone, tablet) from which we are going to access that server; it must be kept very carefully and used only by us or by people we trust.

Because of this, it is important to point out that this type of solution demands great responsibility in looking after the devices from which we log in to a server: anyone who has access to them can get into the server without knowing the password, which is a very big security risk. With this clarified, let's get started. The first thing is to have the SSH daemon installed on the server:

# apt-get install openssh-server

Now we have to create the .ssh directory in the user directory:

# mkdir -p $HOME/.ssh

# chmod 0700 $HOME/.ssh

# touch $HOME/.ssh/authorized_keys

We edit the file /etc/ssh/sshd_config and verify that the following lines read as shown:

PubkeyAuthentication yes

AuthorizedKeysFile %h/.ssh/authorized_keys

Now we go to the client and execute:

ssh-keygen -t rsa

We will be told that the key is being created and asked for the file in which to store it (by default it is stored in our home directory, as ~/.ssh/id_rsa). We can press Enter, since that location suits us perfectly, and then press Enter again both times we are asked for a passphrase since, remember, we are going to log in remotely without entering any data, so we do not want a passphrase either.

Now that we have the public key, we must share it with those computers to which we are going to connect. Assuming that the server we are talking about has the address 192.168.1.100, what you have to do is:

ssh-copy-id -i $HOME/.ssh/id_rsa.pub root@192.168.1.100

After copying, we will be invited to log in remotely to test the keys. Keep in mind that in this case root is the account with which we are going to access the server, so if we want to use another user we must replace root with the user account that will log in via SSH.

Now we only have to restart the SSH server so that it takes the new configuration:

# /etc/init.d/ssh restart

From now on, if we want to access a second server without entering a password, we simply send it the public key by repeating the last step, changing the user and IP address as necessary:

ssh-copy-id -i $HOME/.ssh/id_rsa.pub admin@192.168.1.228
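
An added example, not part of the original article: a small POSIX shell audit of the server-side pieces set up above (the modes of the home directory, .ssh and authorized_keys, plus the two sshd_config directives). The function names and the throwaway demo directory are hypothetical, and file ownership, which sshd also checks, is not covered.

```shell
#!/bin/sh
# Added example (not the article's code): audit the server-side key setup.
# Octal mode of a path, e.g. 700 (GNU stat first, BSD/macOS stat as fallback).
perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# audit_home DIR: with StrictModes (on by default) sshd ignores authorized_keys
# when the home directory, .ssh or the file itself is group- or other-writable.
audit_home() {
    rc=0
    for path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then echo "MISSING  $path"; rc=1; continue; fi
        mode=$(perm_of "$path")
        case $mode in   # 2, 3, 6 or 7 as group or other digit means writable
            *[2367]?|*[2367]) echo "WRITABLE $path (mode $mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# sshd_value FILE KEYWORD: first uncommented value of KEYWORD. Keywords are
# case-insensitive and the first occurrence wins; Include/Match are not followed.
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_sshd_config FILE: check the two directives the article verifies.
audit_sshd_config() {
    rc=0
    v=$(sshd_value "$1" PubkeyAuthentication | tr 'A-Z' 'a-z')
    case $v in   # unset is fine: the built-in default is "yes"
        ''|yes) ;;
        *) echo "PubkeyAuthentication is '$v'"; rc=1 ;;
    esac
    v=$(sshd_value "$1" AuthorizedKeysFile)
    case $v in   # unset is fine: the default includes .ssh/authorized_keys
        ''|*.ssh/authorized_keys) ;;
        *) echo "AuthorizedKeysFile starts with '$v'"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: a throwaway "home" laid out with the article's commands.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/.ssh" && chmod 0700 "$d/.ssh" &&
        touch "$d/.ssh/authorized_keys" && chmod 0600 "$d/.ssh/authorized_keys"
    audit_home "$d"; r=$?
    rm -rf "$d"; return $r
}
demo && echo "home layout OK"
```

On a live server, running sshd -T as root prints the effective configuration, which also reflects Include files that this parser skips.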



  1.   dryant said

    Thanks for the info but nothing… there is no way….
    I've been trying all morning and it always asks for my password.
    Some time ago I tried and I left it as impossible for the same reason….
    I create my key on my Macbook, copy it to my raspberry in ~/.ssh/authorizedKeys
    I configure sshd.conf with public authentication and verify that the directory of the keys is exactly where the keys are. I restart the raspberry and when connecting it asks me again for the password
    What can fail?

    1.    dryant said

      After several hours trying many things, I have discovered that with my created user it never works, but with the default user that is called "ubuntu" it works the first time.
      Any clarification on why this can happen?
      Regards and thanks