Today it is easy to set up password less ssh key on Ubuntu 18.04 on workstations which have matching private and public key pair. In traditional systemone was required to enter username and password to get access to server but when it is about security password less SSH logon is best among all.
Easy steps to enable password less SSH key
1. Check / Install SSH service
First basic step is to check whether openssh-server is installed or not. If it already installed check for it with below mentioned command.
rpm -q openssh-server openssh-server-6.6.1p1-33.el7_3.x86_64
If SSH service is not installed in system, update repository and move forward to install service by below mentioned commands.
#yum check-update Loaded plugins: fastestmirror Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00
yum install openssh-server
2. Configure Key pair using ssh-Keygen
We are not using password to access server and so there is need to have public key authentication as it will make connection secure. Server will itself generate private key using command. Once command is processed two different keys are bene generated which are even stored in two different files which are in hidden folder where .ssh is the home directory. Bydefault file are stored as id_dsa (private key) and id_dsa.pub (public key). Passphrase is asked while generating keys as it will protect keys after generation.
# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 04:d3:00:7a:25:d0:08:ab:0c:b1:29:d4:e1:7b:62:f2 root@centos-01 The key's randomart image is: +--[ RSA 2048]----+ |ooo=+.=o | |.=oo.o o. | |* ... . | |= .. . | |.o + . S | | + o | | E | | | | | +-----------------+
3. Copy public keys
Once key is been generated next step is to copy the content placed inside public key to the server. First step is to create a folder named .ssh and copy local public key id_dsa.pub to the file. It can be done manually or by using ssh-copy-id command.
Manual copy
# ssh root@10.132.6.180 mkdir -p .ssh
The authenticity of host ‘10.132.6.180 (10.132.6.180)’ can’t be established.
ECDSA key fingerprint is 56:54:51:4d:fe:f4:fb:8f:f0:b4:6c:9c:0d:7c:57:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘10.132.6.180’ (ECDSA) to the list of known hosts.
root@10.132.6.180’s password:
# cat .ssh/id_rsa.pub | ssh root@10.132.6.180 ‘cat >> .ssh/authorized_keys’
Using ssh-copy-id
ssh-copy-id -i ~/.ssh/id_rsa.pub root@127.0.0.1 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@127.0.0.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘root@127.0.0.1′”
and check to make sure that only the key(s) you wanted were added.
4. Set permission
chmod 700 .ssh chmod 600 .ssh/authorized_keys
5. SSH without password
Now disable authentication by password through following command.
nano /etc/ssh/sshd_config
Change this values to following values: RSAAuthentication yes PubkeyAuthentication yes PasswordAuthentication no UsePAM no ChallengeResponseAuthentication no
Restart SSH
systemctl reload sshd
Lastly test SSH service by following command.
ssh username@remote_host