Passwordless login with SSH Keygen

By: Luke Rawlins Jun 23, 2016 | 3 minutes read
Tags: Linux, Ubuntu

RSA keys are a public-key encryption method that keeps a private key on the host computer and a public key on other machines. The two keys are generated together by a mathematical algorithm, and data encrypted with the public key can only be decrypted with the private key. As long as the private key is kept confidential, use of the keys is secure.

The keys are secure because they can be encrypted on a user's computer, which protects the key from falling into the wrong hands the way a password printed on a sticky note and placed on your desk can. The RSA key is also secure because it allows a server administrator to shut off password authentication on remote servers, making a brute-force attack that uses password dictionaries impossible. By default the RSA key is 2048 bits, but this can be altered with the -b option.

Keys are easy to create and distribute. The key allows near-instant authentication without stopping to type a password every time you need to jump onto a server.

From your Mac or Linux computer, open the terminal and type the following:

ssh-keygen

You will be asked a series of questions:

[email protected]:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

To keep the default just press enter. By default this will create a file called id_rsa under /home/user/.ssh/

Next it will ask for a passphrase. You want to enter a passphrase. The passphrase is what protects your private key from being readable by others.

Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

After entering the passphrase ssh-keygen will generate an rsa key and display a fingerprint like this:

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
49:ee:8c:73:d2:a3:53:b9:b4:50:63:19:34:a2:47:c2 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|   .. o.o        |
|    E+ ...       |
|    . . .o       |
|     . o=.       |
|       oSo       |
|      .=+        |
|      ++*o       |
|      .=o.       |
|      ..         |
+-----------------+

If you cd into /home//.ssh/ and list files you should see something similar to the below.

cd .ssh/

$ ls
id_rsa  id_rsa.pub  known_hosts

We will transfer the id_rsa.pub file to our remote server using “ssh-copy-id”:

[email protected]:~$ ssh-copy-id 192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is 10:0f:3b:dy:3d:08:5a:3c:09:c8:81:c1:53:a2:94:9c.
Are you sure you want to continue connecting (yes/no)? yes

If you haven’t connected to the remote server yet you will be asked to accept the fingerprint of the server you are connecting to. Just type yes and hit enter.

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Next you will be asked for the password for the user account on the remote server. Only users with a valid account can connect this way.

Now you should be able to ssh to the remote server without being prompted for a password. You may have to input the passphrase to unlock the key file. However, if you are on a Mac or Linux desktop or laptop, you can have it saved in your keychain and will not have to input the passphrase again.

ssh [email protected]
Enter passphrase for key '/home/user/.ssh/id_rsa':

Using rsa key authentication will increase the security of your server network.
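
Once key login works, the step mentioned at the top of this post, shutting off password authentication on the server, is set in sshd_config. As an added example (not part of the original post), the script below reads an sshd_config file and reports whether password logins are actually disabled; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file.
# sshd applies the FIRST occurrence of a keyword; keywords are case-insensitive.

effective_sshd_option() {
    # $1 = keyword, $2 = config file, $3 = sshd's default when the keyword is unset
    awk -v want="$1" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        { sub(/^[ \t]+/, "") }                    # ignore indentation
        /^#/ || /^$/ { next }                     # skip comments and blank lines
        {
            split($0, f, "[ \t=]+")               # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit              # global section ends at first Match
            if (key == want) { val = f[2]; exit } # first occurrence wins
        }
        END { print val }
    ' "$2"
}

audit_key_only_login() {
    # $1 = config file. Returns 0 when passwords are off and public keys are on.
    pw=$(effective_sshd_option PasswordAuthentication "$1" yes)
    pk=$(effective_sshd_option PubkeyAuthentication "$1" yes)
    echo "PasswordAuthentication=$pw PubkeyAuthentication=$pk"
    [ "$pw" = "no" ] && [ "$pk" = "yes" ]
}

# Constructed sample: the commented-out line does not count, and the later
# "PasswordAuthentication yes" is ignored because the first occurrence wins.
write_sample_config() {
    cat > "$1" <<'EOF'
# PasswordAuthentication yes
PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
if audit_key_only_login "$sample"; then
    echo "OK: key-only login"
else
    echo "WARNING: password login still possible"
fi
rm -f "$sample"
```

On a real server, call `audit_key_only_login /etc/ssh/sshd_config`. The script does not follow `Include` directives or evaluate `Match` blocks, so `sshd -T` remains the authoritative view of the effective configuration.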
