CommandsLinux

How to Setup SSH Passwordless Login in Linux – A Comprehensive Guide

0

Introduction

Setting up SSH passwordless login on your Linux system not only improves security but also provides a seamless and efficient way to access remote servers. In this comprehensive guide, we will walk you through the process of securely configuring SSH passwordless authentication. By following our step-by-step instructions and best practices, you’ll be able to establish a secure and convenient SSH connection without the need for entering passwords.

Understanding SSH Passwordless Login

SSH passwordless login, also known as SSH key-based authentication or SSH public key authentication, allows you to log in to a remote Linux server without entering a password. Instead, it relies on cryptographic keys to authenticate the user. This method offers enhanced security by eliminating the risk of password-based attacks and provides a streamlined remote access experience.

Step-by-Step Guide to Setup SSH Passwordless Login

1. Generate SSH Key Pair

Generate an SSH key pair on your local machine using the following command:

ssh-keygen -t rsa -b 4096

Choose a strong passphrase to protect your private key.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8OWmuHh9BjySvj7mrptRwQ6QHqE7F0... user@localhost
The key's randomart image is:
+---[RSA 4096]----+
|   ..o=++.       |
|  .  .=*o        |
|   . +B*.        |
|    .=.=o.       |
|    . S.o        |
|   . o o..       |
|    + +oo.       |
|     =B.+.       |
|    .=.E.        |
+----[SHA256]-----+

2. Copy Public Key to Remote Server:

Copy the public key (id_rsa.pub) to the remote server using the following command:

ssh-copy-id user@remote-server

Alternatively, you can manually append the public key to the ~/.ssh/authorized_keys file on the remote server.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user@remote-server's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'user@remote-server'"
and check to make sure that only the key(s) you wanted were added.

3. Configure SSH on the Remote Server

Modify the SSH server configuration file (sshd_config) on the remote server to enable key-based authentication and disable password authentication. Open the file using a text editor, locate the PasswordAuthentication directive, and set it to no. Uncomment the PubkeyAuthentication directive and set it to yes.

# nano /etc/ssh/sshd_config
# Authentication:
...
PasswordAuthentication no
...
PubkeyAuthentication yes
...

4. Test SSH Passwordless Login

Test the SSH passwordless login by attempting to connect to the remote server from your local machine using the generated SSH key pair. Use the following command:

ssh user@remote-server

Ensure successful authentication without requiring a password.

Last login: Mon Jun 5 10:43:07 2023 from 192.168.0.100
Welcome to the remote server!

user@remote-server:~$

5. Harden SSH Security

Implement additional security measures, such as disabling root login, changing default SSH port, and limiting SSH access to specific IP addresses. Use the following commands to make these changes:

Disable root login:

sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config
PasswordAuthentication no
PermitRootLogin no

Change default SSH port (optional):

sudo sed -i 's/#Port 22/Port <new-port-number>/' /etc/ssh/sshd_config

Limit SSH access to specific IP addresses (optional):

sudo echo "AllowUsers user@trusted-ip" >> /etc/ssh/sshd_config

Remember to restart the SSH service for the changes to take effect:

sudo systemctl restart sshd

Best Practices for SSH Passwordless Login

Use strong passphrases when generating SSH key pairs.
Protect your private key and never share it with unauthorized individuals.
Regularly monitor and review SSH access logs for any suspicious activity.
Update your SSH server and client software to the latest versions to ensure security patches are applied.
Implement a firewall to restrict SSH access to trusted networks or IP addresses.
Consider using SSH key pairs with passphrase for an additional layer of security.
Periodically rotate SSH keys and revoke access for any compromised keys.
Follow the principle of least privilege by granting SSH access only to necessary users.
Enable two-factor authentication (2FA) for SSH, if supported by your SSH server.

Conclusion

By following this comprehensive guide, you have successfully set up SSH passwordless login in Linux. You have learned the key concepts, step-by-step configuration process, and best practices for secure and convenient remote access. SSH passwordless login enhances your system’s security and simplifies the authentication process, saving you time and effort. Remember to follow the recommended security measures to protect your SSH keys and maintain a secure environment for your Linux system.

Happy secure remote access in Linux!

0

Related Articles

Download CentOS 7

September 21, 2020
popcorn time

How to run Popcorn Time on Ubuntu/Mint linux

September 21, 2020
viber on ubuntu

Install Viber on Debian/Ubuntu and Linux Mint 64 bit

September 21, 2020
VirtualBox Running Virtual Machine On Linux Mint

How To Install VirtualBox On Linux Mint 20

September 21, 2020

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button