Web Hosting Blog – Dewlance

How to setup password less ssh key on Ubuntu 18.04 VPS

Today it is easy to set up password less ssh key on Ubuntu 18.04 on workstations which have matching private and public key pair. In traditional systemone was required to enter username and password to get access to server but when it is about security password less SSH logon is best among all.

 

Easy steps to enable password less SSH key
1. Check / Install SSH service

First basic step is to check whether openssh-server is installed or not. If it already installed check for it with below mentioned command.

rpm -q openssh-server
openssh-server-6.6.1p1-33.el7_3.x86_64

 

If SSH service is not installed in system, update repository and move forward to install service by below mentioned commands.

#yum check-update

Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00

 

yum install openssh-server

 

 

2. Configure Key pair using ssh-Keygen

We are not using password to access server and so there is need to have public key authentication as it will make connection secure. Server will itself generate private key using command. Once command is processed two different keys are bene generated which are even stored in two different files which are in hidden folder where .ssh is the home directory. Bydefault file are stored as id_dsa (private key) and id_dsa.pub (public key). Passphrase is asked while generating keys as it will protect keys after generation.

 

# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:d3:00:7a:25:d0:08:ab:0c:b1:29:d4:e1:7b:62:f2 root@centos-01
The key's randomart image is:
+--[ RSA 2048]----+
|ooo=+.=o |
|.=oo.o o. |
|* ... . |
|= .. . |
|.o + . S |
| + o |
| E |
| |
| |
+-----------------+

 

3. Copy public keys

Once key is been generated next step is to copy the content placed inside public key to the server. First step is to create a folder named .ssh and copy local public key id_dsa.pub to the file. It can be done manually or by using ssh-copy-id command.

 

Manual copy

# ssh root@10.132.6.180 mkdir -p .ssh
The authenticity of host ‘10.132.6.180 (10.132.6.180)’ can’t be established.
ECDSA key fingerprint is 56:54:51:4d:fe:f4:fb:8f:f0:b4:6c:9c:0d:7c:57:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘10.132.6.180’ (ECDSA) to the list of known hosts.
root@10.132.6.180’s password:
# cat .ssh/id_rsa.pub | ssh root@10.132.6.180 ‘cat >> .ssh/authorized_keys’

 

Using ssh-copy-id

ssh-copy-id -i ~/.ssh/id_rsa.pub root@127.0.0.1

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password:

Number of key(s) added: 1

 

Now try logging into the machine, with: “ssh ‘root@127.0.0.1′”
and check to make sure that only the key(s) you wanted were added.

 

4. Set permission
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

 

5. SSH without password

Now disable authentication by password through following command.

nano /etc/ssh/sshd_config
Change this values to following values:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no
ChallengeResponseAuthentication no

 

Restart SSH

systemctl reload sshd

 

Lastly test SSH service by following command.

ssh username@remote_host
Exit mobile version