This brief tutorial shows you how to enable password-less SSH logon when using Ubuntu as your server. With this setup, only workstations that hold the correct matching key pair (private and public) will be allowed to log on to the SSH server. Without the key pair, access will always be denied.
Most SSH setups allow password logon. A user connects to the SSH server and is prompted for a username and password. If the combination is correct, access is granted.
If you want a more secure option, you can disable password logon for SSH altogether and only allow logon using an encryption key. With the encryption key option, the client computer generates a private and public key pair.
The client must then upload its public key to the authorized_keys file on the SSH server. Before access is granted, the server and client computer validate the key pair. If the public key on the server matches the private key held by the client (the private key itself never leaves the client), access will be granted.
This is a very secure way of authenticating to an SSH server, and it’s a recommended method if you wish to implement secure logon.
- Enabling Password-less SSH logon
Now before you begin, first install SSH server on the server computer. To do that in Ubuntu, run the commands below
sudo apt-get -y install openssh-server
To start up SSH server, run the commands below in Ubuntu
sudo service ssh start
Or
sudo /etc/init.d/ssh start
- Generating the client encryption key pair
After installing SSH server on the server computer, you can now go and generate the client private and public key pair. To do that, run the commands below
ssh-keygen -t rsa
After running the above command, you’ll be prompted to complete a series of tasks. The first asks where to save the keys; press Enter to choose the default location, which is a hidden .ssh folder in your home directory.
The next prompt will be to enter a passphrase. I personally leave this blank (just press Enter) to continue. It will then create the key pair and you’re done.
After generating the keys, you will then need to copy the client’s public key to the SSH server computer or host with which it wants to create a trust relationship.
Run the commands below to copy the client public key to the server.
ssh-copy-id user@server_ip_address_or_hostname
After the public key is transferred to the server, you can now go and disable password logon via SSH.
Next, logon to the server and open the configuration file for SSH. To do that, run the commands below.
sudo vi /etc/ssh/sshd_config
Then make sure these lines are uncommented and the values are set as shown below.
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
Restart the SSH server and you’re done.
sudo service ssh restart
Or
sudo /etc/init.d/ssh restart
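To confirm that an edited configuration file really enforces key-only logon, the following added example (not part of the original tutorial) audits the settings named above. The function names sshd_value and check_key_only and the three sample files are constructed for illustration; the check covers a single file and its global section only.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for key-only login.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# Print the first active global value of keyword $2 in file $1 (lowercased),
# or nothing if the keyword is unset. Assumes unquoted values.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }       # commented or blank: ignored by sshd
        { sub(/[ \t]*=[ \t]*/, " ") }        # "Keyword=value" is also accepted
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if the file enforces key-only login.
# Both options default to "yes" when unset (sshd_config(5)).
check_key_only() {
    pubkey=$(sshd_value "$1" PubkeyAuthentication)
    passwd=$(sshd_value "$1" PasswordAuthentication)
    if [ "${pubkey:-yes}" != "yes" ]; then
        echo "FAIL: public key login is disabled"; return 1
    fi
    if [ "${passwd:-yes}" != "no" ]; then
        echo "FAIL: passwords still accepted (PasswordAuthentication ${passwd:-unset})"
        return 1
    fi
    echo "OK: key-only login"
}

# Constructed sample files, not taken from a real server.
SAMPLES=$(mktemp -d)
printf '%s\n' 'PubkeyAuthentication yes' 'AuthorizedKeysFile .ssh/authorized_keys' \
    'PasswordAuthentication no' > "$SAMPLES/good.conf"
printf '%s\n' 'PubkeyAuthentication yes' '#PasswordAuthentication no' \
    > "$SAMPLES/commented.conf"
printf '%s\n' 'passwordauthentication yes' 'PasswordAuthentication no' \
    > "$SAMPLES/shadowed.conf"

for name in good commented shadowed; do
    printf '%s: ' "$name"
    check_key_only "$SAMPLES/$name.conf" || true
done
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before a restart, and `sudo sshd -T` prints the effective settings, including any files pulled in by Include. Keep the current SSH session open until a new key-based logon has succeeded.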
Enjoy!