How to SSH without a Password

Hello Friends,
in this article I will show you how to install SSH on a Server and Desktop, after successful installation and testing that it worked I am showing also how to use password-less authentication with SSH to elevate the security even further. We are using ssh-keygen and ssh-copy-id in the process.

SSH - Secure Shell
Secure Shell – SSH

Install OpenSSH Server

Secure Shell or short SSH is a very convenient and secure way to remotely manage a Linux Servers or Workstations respectively. Usually when you install a Ubuntu Server the installer is asking if the SSH Service should be installed

Secure Shell or SSH during Server install
Secure Shell or SSH during Server install

and I highly recommend doing so but in the case it has not been done so here is how you can install OpenSSH Server later on. Run the following command:

sudo apt install openssh-server

Installing SSH Server
Installing SSH Server

After installation is finished it should look like the following:

Finished SSH Server installation
Finished SSH Server installation

Lets check that the server is actually installed and running with the following command:

sudo systemctl status sshd

Checking SSH Server state
Checking SSH Server state

As you can see the SSH Server is installed and running.

SSH Password Login

Lets test connectivity from a workstation.

ssh itmgr@192.168.69.240

SSH Password Login
SSH Password Login

It is verified that it is working properly. Lets work on getting the password-less authentication working in the next step.

SSH Key Generation

Lets generate the SSH Key and upload it to the server and test it again. Enter the following command:

ssh-keygen -t rsa -b 4096

  • ssh-keygen : ssh-keygen is a tool to generate a ssh key for password-less authentication
  • -t rsa : -t is a switch to specify the Type of key generated possible types are dsa, rsa, ecdsa, ecdsa-sk, ed25519 and ed25519-sk
  • -b 4096 : -b specifies the key length by default it is 3072, I recommend using at least 4096 bits for higher security.

You should see something like in the screenshot below.

ssh-keygen command
SSH Key generation

So the SSH Key is now generated.

Upload SSH Key

Lets upload it to the server by using the ssh-copy-id command:

ssh-copy-id itmgr@192.168.69.240

enter your password and it will upload the ssh key to the proper location on the destination machine. It should look similar to the screenshot below.

ssh-copy-id command
ssh-copy-id command

Testing Password-less Login

Now lets try to use the password-less login. Just enter the following command:

ssh itmgr@192.168.69.240

and you should see it logs in without asking for password. See the screenshot below.

First password-less login
First password-less login

Excellent, that worked but we are not done yet. Password authentication is still enabled and suspect to ssh brute force attacks.

Disable Password Logins

Since we are on the server lets edit the sshd_config file and restart the ssh service. Enter the following command:

sudo vim /etc/ssh/sshd_config

Look for two option in the config file. PasswordAuthentication and ChallengeResponseAuthentication, see screenshot below.

sshd_config before adjustment
sshd_config before adjustment

Un-comment PasswordAuthentication and change its value to no and verify the ChallengeResponseAuthentication is set to no and un-comment like in the screenshot below.

sshd_config after adjustment
sshd_config after adjustment

Save and close the config file and execute the following command to restart ssh service:

sudo systemctl restart sshd.service

Conclusion

In this process we installed SSH Service, verified password login then generate a SSH Key on a client machine and uploaded it and test password-less ssh authentication and last but not least adjusted the sshd_config to prevent password logins and restarted the SSH Service. If you find this article useful please leave a comment and if you like to see something written up here let me know.

If you like to read more about OpenSSH visit http://www.openssh.com/

Good Day 🙂