How to Login to SSH Without A Password Using Private Key?


Private keys allow users to log in to SSH without a password. This is considered a safe practice in some cases, and it also removes the need to remember multiple passwords.

In this tutorial, we will learn how to generate our own SSH Key Pair on our local machine and then configure our Server to use it for authentication when we connect over SSH.

Steps to Login to SSH Without A Password

Let’s go over the process step-by-step to log in to SSH without a password. If you’re new, you can start by reading more about how to connect to a remote host using SSH. If you’re ready, let’s get started.

Step 1: Generate SSH Key Pair

On our local machine, we can generate an SSH Key Pair with the following command:

$ ssh-keygen

On execution, we are prompted to specify a file in which to save the private key, the default being /home/user/.ssh/id_rsa; here id_rsa is the name of our Private Key file. You can always specify a different path and name for the Private Key file. For our demonstration, we shall use the default configuration.

Step 2: Provide A Passphrase (Optional)

Next, we are presented with a prompt that asks us for a passphrase that can be used to protect the SSH Private Key from unauthorized access.

Enter passphrase (empty for no passphrase)

However, this field is optional. If it is left empty, the Private Key file is stored without any protection: it sits unencrypted on disk, so anyone who can read the file can use the key. In our example, we leave this field empty. After this, we have successfully generated our Key Pair. We are also presented with a ‘fingerprint’ and ‘visual fingerprint’ of our key, which we need not save.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/whokilleddb/.ssh/id_rsa): Enter passphrase (empty for no passphrase): 
Enter the same passphrase again: 
Your identification has been saved in /home/whokilleddb/.ssh/id_rsa
Your public key has been saved in /home/whokilleddb/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:iMVnsWXvpuKMbP/icjdwv9AjqKWpeknqNHqkXV7gs9o whokilleddb@Lazarus
The key's randomart image is:
+---[RSA 3072]----+
|        . o      |
|     .   = .     |
|      o +   .    |
|    .o +   .     |
|   .... S   o    |
|  . = . ...+     |
| +o= =  +o+.o    |
|.o+o=.oOo.oo..   |
|.o++Eo*==+....   |
+----[SHA256]-----+

Step 3: Configure the Server To Use Our Private Key

At this point, we should have the following two files under /home/user/.ssh :

$ ls -l /home/user/.ssh
-rw------- 1 user user 2610 Feb  7 15:11 id_rsa
-rw-r--r-- 1 user user  573 Feb  7 15:11 id_rsa.pub

  • id_rsa : Our SSH Private Key
  • id_rsa.pub : Our SSH Public Key

Take note of the permissions of the private key ( id_rsa ). SSH Private Key files should ALWAYS HAVE 600 PERMISSIONS! If not, change its permission to the said value using the chmod command:

$ chmod 600 /home/user/.ssh/id_rsa

Next, we need to configure our Server to accept our key for login. This can be done manually by logging into the Server and adding the contents of id_rsa.pub to ~/.ssh/authorized_keys, but there’s a tool, ssh-copy-id, which does all the hard work for us! It installs the public key on the Server; the private key never leaves our local machine.

Hence, to configure our Server to accept our key, simply run:

$ ssh-copy-id USER@IP

Here,

  • USER is the username we want to login as onto the server
  • IP is the IP address of our Server

And with that, we can now simply SSH into our Server with:

$ ssh USER@IP

If you specified a passphrase earlier, you will be prompted for it:

Enter passphrase for key '/home/user/.ssh/id_rsa' : 

Note that if you are not using the default path and file name, you need to specify the private key file using the -i flag as follows:

$ ssh -i /path/to/private/key USER@IP

Thus we successfully SSH’d into our machine using our PRIVATE KEY!
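
What ssh-copy-id arranges on the Server in Step 3, written out as an added example that is not part of the original tutorial. The helper name install_pubkey and the demo key are constructed for illustration; the function assumes a POSIX shell run as the owner of the target account.

```shell
#!/bin/sh
# Added example (not from the tutorial). install_pubkey is a hypothetical
# helper: install_pubkey PUBKEY_FILE HOME_DIR
# Appends the public key to HOME_DIR/.ssh/authorized_keys exactly once and
# applies the conventional 700/600 modes that satisfy sshd's StrictModes.
install_pubkey() {
    pubkey_file=$1
    home_dir=$2

    # Only the .pub half belongs on the server: refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # An OpenSSH public key is a single line starting with its key type.
    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "refusing: $pubkey_file is not an OpenSSH public key" >&2
           return 1 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: append only when this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Demo in a throwaway directory with a constructed, non-functional key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAconstructedDemoKeyOnly user@laptop' \
    > "$demo_home/id_demo.pub"
install_pubkey "$demo_home/id_demo.pub" "$demo_home"
install_pubkey "$demo_home/id_demo.pub" "$demo_home"   # adds nothing new
ls -l "$demo_home/.ssh"
rm -rf "$demo_home"
```

Running it twice leaves a single entry in authorized_keys, and passing the private key file by mistake is rejected before anything is written.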

Conclusion

And with that, we were able to log in to SSH without a password on our Linux machine. It’s an easy and more secure way of logging in as it locks you to log in from specific IP addresses. If you’re interested in learning more on Linux topics, continue to follow LinuxForDevices.