Posted by Weston Ganger
When using SSH to access your server it can get annoying to enter the password every time. Well not only that but password authentication poses a security risk as well because you may be vulnerable to brute force attacks.
Here we will setup SSH keys and disable password authentication.
First install ssh server on your server
sudo apt-get install openssh-server
Now on your client machine:
# generate ssh keys ssh-keygen -t rsa # Append your public key to the server .ssh/id_rsa -> .ssh/authorized_keys ssh-copy-id firstname.lastname@example.org # or to an ip ssh-copy-id email@example.com # connect to the server ssh firstname.lastname@example.org
As you can see you were no longer required to enter a password to SSH in to your server because you are now using the SSH keys.
Next we want to disable password SSH. This is a good idea because it means people can’t perform brute force attacks against your server.
Edit the SSH config on the server
# /etc/ssh/sshd_config # make sure the following entries are set to yes and are uncommented RSAAuthentication yes PubkeyAuthentication yes # the following entries need to be set to no and are uncommented ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no
Now lets test this
# reload the ssh configuration sudo service ssh reload # disconnect from server exit # try connecting without the need of a password, you may need to give a password to access your private key file but not for the ssh program. ssh email@example.com # try to connect to server with ssh key file auth disabled ssh firstname.lastname@example.org -o PubkeyAuthentication=no # this should give you a permission denied message
There you go you should have it all setup with no more need of passwords.
One handy tip if you did not know is that you can copy your .ssh folder to all of your machines and they can share the ssh keys. You will just have to restart the ssh-agent after copying the files. But that way your can save them and not have to manage a million ssh keys.
Related External Links: