SSH key generation for Passwordless SSH login in Linux

Secure Shell, is a cryptographic network protocol that we can use to access the remote machines without passwords securely.To do this we need to generate the SSH key. Using SSH, we can access the remote system’s command-prompt and run commands without access them physically. Also, we can transfer files between remote and local systems securely using Secure Copy (SCP) protocol.

This tutorial explains how to configure Passwordless SSH login in Linux. We can do this in two ways.

Why password-less SSH login

To increase security and to reduce the chances of being hacked. Passwords can be easily guessed or cracked by hackers, or you might forget if it’s a long and complex password, or if you don’t want to save the passwords in an unsecured place.

In password-less SSH login method, we can exchange encrypted keys instead of entering the actual password while connecting to the remote systems via SSH. So that way, nobody can easily hack or guess our passwords, because we are no more using passwords to access the remote systems.

More importantly invisible key-loggers and brute-force strikes doesn’t work for the spying sight if we use Password-less SSH login attempts.

Method 1:

  1. Here, we’ll be using two systems.
  2. Local system’s IP address: 192.168.17.133
  3. Local system’s OS: CentOS 7 LTS
  4. Remote system’s IP address: 119.153.131.120
  5. Remote system’s OS: CentOS 7

First of all, open Terminal and run the following command to generate pair of private and public keys in your local system.

Run the following command to generate encrypted keys.

ssh-keygen -t rsa

Output:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
[Just, Press Enter Key]
Enter passphrase (empty for no passphrase): [Just, Press Enter Key]
Enter same passphrase again: [Just, Press Enter Key]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
53:b7:3a:5b:39:22:78:35:e7:cf:44:64:cd:52:d4:a1 root@root
The key's randomart image is:
+--[ RSA 2048]----+
| o=|
| .+.|
| . .E+ o|
| . . + . |
| S o o . |
| . o = o |
| . o + = . |
| . . = = |
| . o |
+-----------------+

The private/public key has been generated and stored at “/root/.ssh/”.

The above command will generate two keys. One is private, and another is public key. The private key should remain in the local system itself. The public key should be transferred to the remote systems that you want to access from the local system. If the both keys does coordinate with each other while authenticating, the local system will be able to access the remote system. If both private and public key pairs doesn’t match, the verification will not be permitted.

Also, it is important to know that, you can’t use the same pair of keys for different systems. Each system’s keys are different and exclusive.

Now, copy the public key file to your remote system.

ssh-copy-id -i ~/.ssh/id_rsa.pub root@119.153.131.120

Output:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), 
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- 
if you are prompted now it is to install the new keys
root@119.153.131.120's password:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@119.153.131.120'"
and check to make sure that only the key(s) you wanted were added.

Now, ssh to your remote server as shown below.

Syntax:

ssh username@ip-address-of-remote-system
ssh root@119.153.131.120

You will be able to access the remote system without entering the password.

Method 2:

This method is much easier than the first method, but it’s not that safe as compared to first one. In this method, we will not store the password or exchange the keys between local and remote systems. Instead, we will use the “password” as part of the command.

We’ll use “sshpass” command to enable non-interactive SSH password authentication.

To install sshpass in Ubuntu systems, run:

sudo apt-get install sshpass

In RPM based systems, like CentOS, run:

yum install sshpass

Now, lets connect to the remote system using ‘sshpass’ command:

sshpass -p 'P@ssw0rd' ssh root@119.153.131.120

Now, you can access the remote system.

you can also export the password to Environment variable and ssh to your system without using the password as part of your command.

To do that, first export password to the environment variable.

export SSHPASS=P@ssw0rd

Now, ssh to your remote system using below command:

sshpass -e ssh root@119.153.131.120

That’s it.

Error’s troubleshooting:

You might face some issue after configuring Passwordless SSH login in Linux, I have explain some of them as below.

Problem-1

In case, ‘ssh’ version is different in local and remote systems, you need to set permissions for ‘.ssh’ directory of your remote system.

Run the following command, to do that:

ssh root@119.153.131.120 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

Now, you can ssh to your remote systems without any issues.

Problem-2

If you still can’t ssh to remote systems for some reasons, go to your remote system, and enable SSH key authentication.

Edit the following file:

nano /etc/ssh/sshd_config

Find, uncomment and change the following lines as given below.

PubkeyAuthentication yes
AuthorizedKeyFile .ssh/authorized_keys
ChallengeResponseAuthentication no

Save and close the file. Restart ssh service using command:

systemctl restart sshd

Now, Go back to the local system and try again to login to the remote machine, with the below command:

ssh username@ip-address-of-remote-system

Problem-3 

Sometimes you might facing the following error while ssh to the remote systems.

Agent admitted failure to sign using the key.

To resolve it, run the following command in your local system.

ssh-add

Enter the correct passphrase that you have created earlier.

Enter passphrase for /root/.ssh/id_rsa:
Identity added: .ssh/id_rsa (.ssh/id_rsa)
ssh-add command will add private key identities to the authentication 
agent.

That’s all, Both methods are easy to configure and use. Go ahead and give it a try.

You also like to know How To Change Direct Admin’s Default Port NumberPlease check my previous article on this and also give your opinion below if you experience any issues or to discuss your ideas and experiences.

 

Leave a Reply

Register to Get FREE Offers

Why Pay for Software when you can GET it for FREE

JOIN US TONIGHT!