Hello Linux geeks, it is always good practice to access Linux systems over SSH with keys rather than passwords. SSH (Secure Shell) keys give us a secure way to log in to Linux and UNIX-like servers. Accessing Linux systems with SSH keys is also known as passwordless SSH authentication.
In this post, we will learn how to set up passwordless SSH authentication with keys in Linux.
Lab setup details:
- Jump Host (Rocky Linux) — SSH Client — 192.168.1.135
- Remote Linux System (Ubuntu 20.04) — 192.168.1.130
Let’s deep dive into the steps,
Step 1) Generate SSH keys on Jump host using ssh-keygen command
Log in to the jump host; in my case I am using the ‘sysadm’ user. Run the ssh-keygen command to generate public and private keys for sysadm using the RSA algorithm.
$ ssh-keygen -t rsa
This command will prompt you to enter the path for the public and private keys. To keep the default path, hit Enter, and hit Enter again when prompted to set the passphrase (this creates the key without a passphrase).
Output of ssh-keygen command would look like below,
Note: By default, the ssh-keygen command generates keys of size 2048 bits. If you wish to change the key size, use the ‘-b’ option followed by the size in bits. An example is shown below,
$ ssh-keygen -t rsa -b 4096
Step 2) Copy User’s Public Key to Remote Linux System
Use the ‘ssh-copy-id’ command to copy the user’s public key into the authorized_keys file of the user on the remote Linux system.
Syntax: ssh-copy-id <user-name>@<Remote-Linux-System-IP>
$ ssh-copy-id kadmin@192.168.1.130
Step 3) Test passwordless ssh authentication
Now try to SSH to the remote system from the jump host.
$ ssh kadmin@192.168.1.130
Perfect, the above output confirms that we can log in to the remote system without specifying any password.
Following are the important points to be considered while setting up passwordless authentication.
- Once the keys are exchanged and tested, we should disable root login and password-based authentication for root and other users.
To achieve this, edit the ‘/etc/ssh/sshd_config’ file and set the following parameters.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
Save and exit the file, and then restart the ssh service using the systemctl command below.
$ sudo systemctl restart sshd
- Another important point is that the remote user, in our case ‘kadmin’, should be part of the sudo group and have admin rights so that it can perform administrative tasks.
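The sshd_config settings listed above can be checked before the restart. The script below is an added example, not part of the original post: it audits a config file the way sshd reads it (the first value found for a keyword wins, and keywords are case-insensitive) and runs against a constructed sample file. The function names `effective_value` and `audit_sshd_config` are hypothetical, and Include files and Match blocks are assumed to be out of scope.

```sh
#!/bin/sh
# Strict audit of the global section of an sshd_config file (added example).
# sshd keeps the FIRST value it reads for a keyword and keywords are
# case-insensitive, so the parser does the same. Assumption: Include files
# and Match blocks are not evaluated; unset keywords are reported as FAIL.

# effective_value FILE KEYWORD -> first global value, lowercased
effective_value() {
  awk -v key="$2" '
    BEGIN { key = tolower(key) }
    /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
    tolower($1) == "match" { exit }                 # global section ends
    tolower($1) == key { print tolower($2); exit }  # first occurrence wins
  ' "$1"
}

# audit_sshd_config FILE -> one line per setting; returns 1 on any mismatch
audit_sshd_config() {
  rc=0
  while read -r key want; do
    got=$(effective_value "$1" "$key")
    if [ "$got" = "$want" ]; then
      echo "OK   $key $got"
    else
      echo "FAIL $key is '${got:-unset}', expected '$want'"
      rc=1
    fi
  done <<'SETTINGS'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
SETTINGS
  return $rc
}

# Constructed sample: the early "yes" wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'SAMPLE'
passwordauthentication yes
PermitRootLogin no
PubkeyAuthentication yes
UsePAM yes
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
SAMPLE
audit_sshd_config "$sample" || echo "fix sshd_config before restarting sshd"
rm -f "$sample"
```

On the remote system itself, `sudo sshd -t` validates the file and `sudo sshd -T` prints the effective settings; keep the current SSH session open until a new key-based login has been confirmed after the restart.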
That’s all from this post. I hope you have found it informative. Please drop your queries and feedback in the comments section below.