Perform SSH Login to Remote Server Without Password Using ssh-keygen & ssh-copy-id

Posted by: | Published: September 10, 2016| Updated: September 10, 2016

undefined

In this article, I’ll show you how to login to remote nix server (RPM Family “Redhat / CentOS  / Scientific Linux” and Debian Family “Debian and Ubuntu”) without using a password, all you need to login to the remote server is uploading your public key to the remote server.

Only three steps to successfully login to the remote server with the help of these two commands ssky-keygen and ssh-copy-id as explained in this article.

ssh-keygen creates the public and private keys for your local machine “the machine you trying to login from”. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file “append your public key to this file”. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh “which must be 700”, and ~/.ssh/authorized_keys “which must be 600”.

Here’s the simple three steps you need to do:

Step 1: Create public and private keys using ssh-keygen for your local host:

You need to run ssh-keygen command on your local machine. Here’s I pressed ENTER key three times to accept the default settings. It’s up to you to change the default settings.

[msemari@localhost ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/msemari/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/msemari/.ssh/id_rsa.
Your public key has been saved in /home/msemari/.ssh/id_rsa.pub.
The key fingerprint is:
a9:4c:db:98:60:29:e5:69:34:2e:29:5a:78:07:65:df msemari@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| o |
| o . . |
| . + . E |
| . B + . |
|o * X . S |
|.+ * + * |
|. * . |
| |
| |
+-----------------+

Step 2: Copy the public key to remote-host using ssh-copy-id:

Now, it’s time to copy our generated public key to the remote server using the remote user on that server.

[msemari@localhost ~]$ ssh-copy-id  -i .ssh/id_rsa.pub remote_user@remote_server
remote_user@remote-host's password:
Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Hints:
1. Replace the remote_user and remote_server with the existing user on your remote server and with the remote server IP or fqdn hostname
2. We will be asked to enter the password of the remote user.
3. ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.

Step 3:  Login to remote-host  will not ask for the password:

Now, we will login to our remote server, the remote server will not ask us for a password as follow:

[msemari@localhost ~]$ ssh Your_remote_user@Your_remote_host

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Sep 10 10:16:52 2016 from 196.151.245.61
remote_user@remote_host:~$

Now, every time you try to login to your remote machine, you will not be asked for a password.

Optional Step Four—Disable the Password  Login method on your remote server:

Once you have copied your SSH keys into your server and ensured that you can log in with the SSH keys alone, you can go ahead and disable the login using password, by disabling the login with password, login will only be permitted via SSH keys.

In order to do this, open up the SSH configuration file:

# vim /etc/ssh/sshd_config

Within that file, find the line that includes PasswordAuthentication and modify it to ensure that users can only connect with their SSH key:

PasswordAuthentication no

Save and exit. To put the changes into effect you need to restart the ssh service as follow:

  • For CentOS 7 and Debian 8
# systemctl restart ssh
  • For CentOS 6 and earlier, and Debian 7 and earlier
# /etc/init.d/ssh restart

Now only login with public key method is allowed on your remote server.

Summary

In this article, we have explained  in three steps how to enable login using public keys to remote Linux servers. We first created the public and private keys for our local machine using ssh-keygen, then we copied the public key to the remote server using ssh-copy-id. Then we successfully login to the remote server without a password.

At the end of this article, we added an optional step to disable password login to our remote server, by disabling password login, we protect our remote server from SSH brute force attack. This is important step to protect and secure your Linux Machines.

 

I hope this article is good enough for you.
See you in other articles.

If You Appreciate What We Do Here On Mimastech, You Should Consider:

  1. Stay Connected to: Facebook | Twitter | Google+
  2. Support us via PayPal Donation
  3. Subscribe to our email newsletters.
  4. Tell other sysadmins / friends about Us - Share and Like our posts and services

We are thankful for your never ending support.

Posted in Linux OS | No Comments »

(Previous Post)
(Next Post)

Leave a Reply

Your email address will not be published. Required fields are marked *