SSH Login Without Password


Generate Key Using SSH-KEYGEN

First things first; open up the terminal on your local machine. If you haven’t already, generate your public and private keys using ssh-keygen -t rsa .

Do not enter in a passphrase.

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/username/.ssh/id_rsa
Your public key has been saved in /Users/username/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:TytJ92LatFvIeYjheEzSsjLV9HPIZl+W7D5NXQmkBc4 
The key's randomart image is:
+---[RSA 3072]----+
|           ..o   |
|   .      o o.   |
|           E  . .|
|     ..E .     ..|
|  + .o oS.o. .  o|
|    .B.X.@..= . o|
|   .o *oX+=o o o |
|  o  o   =.   . .|
|   o.   .      . |
+----[SHA256]-----+

Get Public Key

Next we need to get your public key to share with another computer.

Navigate to ~/.ssh/ . cat id_rsa.pub .

$ cat ~/.ssh/id_rsa.pub

You need to copy only your public key. Never give away your private key.

The key should look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuXVloySmZPF+cct3aQ8I1iykLKJOBpHdKFonUj/jf38ZS06CfM1vD0Z313etZokEKGZoH8XqNWZcez17qHgzi3a/qFMbSHp0uoOppQvgJAffAv141MX+YubMY0XYJLtF7XW+cpNWjJKKdeo2BrkF29XpLFEXhxiaC1gIMKNvO6ML9ogS9pARo2gDaJrZWQkPEIpgoi6OBa9BlGJ1ue7hykVCqIkbucjeE1Kjd0GW4Am5I9G9zM9mbHXBkZYoOVHA6t9rDtA2IBpNjmVVqjjSZzLLabDnna6WvfRnR/H0y+AkE2i69qkn3kFsQnPx48WJrgMDKxpiR0pfK1pqLDP0aJUrMXrlpF7a1V47IvVDDFrNwWSXHscPjXOJhonLs7VGnsxBjwMCyws1cl7D3lAgkbDiOUW/NmAbMjdt3BMZHYuaHCjDs6h5SHkklnk2wxc6k16QyNTdmCke4FQVnfPTnISTHmt9mamMwiCT9shPEOLb94p1SaaZCLpS1C/5++fk= username@yourcomputer.local

Copy your Public Key to another computer

ssh in to your other computer.

$ ssh username@computer.remote

Navigate to ~/.ssh/ ; same place as on your local machine, and append your public key into a file called authorized_keys .

$ echo "your private key" >> ~/.ssh/authorized_keys

Finally check if it works C: ?

BONUS ROUND

Having passwords at all is a bad idea. Most peoples are dead easy to brute force and the rest can be retrieved by human negligence and/or error. So why not just disable passwords all together.

Login to your remote machine.

We need to modify the ssh config file to remove password based authentication.

$ sudo vi /etc/ssh/sshd_config

Scroll down. We need to change a few things. Set:

ChallengeResponseAuthentication no

PasswordAuthentication no

UsePAM no

PermitRootLogin no
PermitRootLogin prohibit-password

Finally restart ssh to load the new config file.

$ /etc/init.d/ssh reload

That should be it. Logout and test to see if it works.