Set Up Passwordless SSH Login: Secure Shell (SSH) is a network protocol that uses encryption to make a secure connection between a client and a server. It also lets users log in in different ways. Using a password and using a public key are the two most common ways to prove who you are.
The private key stays safe on your workstation, and the public key goes in a certain place on each remote system you use. A passphrase can be used to keep your private key safe locally. You don’t have to type in the passphrase every time you use the key to get into a remote system if you have a local caching program like ssh-agent or gnome-keyring. Instead, you only have to type it in once in a while.
How To Set Up Passwordless SSH Login
- Open terminal/command prompt on your machine
  - In Linux/Mac, open an application named “Terminal”.
  - For SSH to work, SSH access must be opened on the server beforehand.
- Generating key-pairs (one-time operation)
  - This is needed if you are doing this for the first time!
  - Run the following command to generate a pair of public and private keys using the RSA algorithm. If you want to use DSA instead, replace the last argument “-t rsa” with “-t dsa”.
- Adding your public key to the server’s “authorized_keys” list
  - As on your own system, each user’s home directory on the server contains a hidden directory called “.ssh”.
  - Inside the server’s .ssh folder, there may be files similar to the ones we have seen above. The only file we are interested in is the authorized_keys file.
  - We have to add our public key (the content of the id_rsa.pub file) to the authorized_keys file.
- Testing Passwordless Authentication
  - If you have followed every step so far, it is time to test everything.
  - Just run the following command with username@example.com replaced by the actual username and domain name.
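The steps above, as an added shell example that is not part of the original page: the `ssh-keygen` and `ssh` lines in the comments are the usual forms of those commands, and the function name `install_pubkey`, its return codes and the demo key line are assumptions constructed for illustration. It goes slightly beyond the steps by refusing a private key file, setting owner-only permissions and skipping a key that is already listed.

```shell
#!/bin/sh
# Workstation side, per the steps above (not run here):
#   ssh-keygen -t rsa          # writes ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
#   ssh username@example.com   # test after the key is installed
# Server side: install_pubkey (hypothetical name) adds one public key to
# HOME_DIR/.ssh/authorized_keys with owner-only permissions.
install_pubkey() {
    pub_file=$1 home_dir=$2
    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 2; }
    # Only the .pub half leaves the workstation; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file holds a private key" >&2; return 3
    fi
    # Expected shape of the first line: "<type> <base64-blob> [comment]".
    key_line=$(head -n 1 "$pub_file")
    key_type=${key_line%% *}
    rest=${key_line#* }
    blob=${rest%% *}
    case $key_type in
        # ssh-dss is left out: OpenSSH disables DSA keys by default since 7.0.
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "unsupported key type: $key_type" >&2; return 4 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 4 ;;
    esac
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5
    # Idempotent: do nothing if this key is already authorised.
    if grep -qF -- "$key_type $blob" "$auth"; then return 0; fi
    # Keep the new entry on its own line if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key_line" >> "$auth"
}

# Demo on a scratch directory with a constructed key line (not a usable key).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLXBsYWNlaG9sZGVyLWtleSEh constructed@example' > "$demo/id_demo.pub"
install_pubkey "$demo/id_demo.pub" "$demo/home"
install_pubkey "$demo/id_demo.pub" "$demo/home"   # second run adds nothing
wc -l < "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```

On a real server the second argument would be the account's home directory, for example `install_pubkey id_rsa.pub "$HOME"`.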
Prerequisites
- Access to command line/terminal window
- User with sudo or root privileges
- A local server and a remote server
- SSH access to a remote server via command line/terminal window
Why use Passwordless SSH?
Users sometimes find password-protected options hard to remember and uncomfortable. You may be in an environment where you need to enter your password frequently.
- Easy and non-interactive login. Users don’t have to type the password for every new session
- More secure compared to passwords as it works on public-private key cryptography
- More reliable
- Better authentication and authorization management
- A good solution for both small and large infrastructure
- Easy to build and maintain
FAQ
SSH Keys ensure a degree of authentication that can only be achieved by users who possess the private key linked with the public key on the server. An intruder who gets access to the server’s public key won’t be able to gain access to the server without the associated private key.
How does passwordless authentication work? Passwordless authentication refers to a method of verifying a user’s identity without the use of a password. Instead of a password, the user authenticates using something they have (such as a mobile device) or something they are (such as a biometric).
How to Connect via SSH. If the username on your local machine matches the one on the server you are trying to connect to, you can just type “ssh host_ip_address” and hit Enter. Type in your password and hit Enter. Note that you will not get any feedback on the screen while typing.
Device theft is one passwordless risk related to end-user authentication devices. If an attacker gets their hands on a user’s unlocked device, they can intercept any OTPs, PINs or magic links generated on authentication apps, or sent via email or SMS.