Using a password for authentication on a server is asking for trouble. Servers are under constant attack, and it’s a matter of time until someone hits the right password and hijacks your server. With passwordless authentication, the chance of anyone hacking into your server greatly diminishes.
To start, you will need a public key on your local machine. If you are on Linux or Mac, a tool called ssh-keygen is probably already available. If not, you can add it on Ubuntu with:
sudo apt-get install ssh
Run the tool:
Follow the prompt and give a filename for the output:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Giving a passphrase is optional, but it’s a good addition to other security measures.
The private key should be at /home/username/.ssh/id_rsa and the public key at
You should have a server set up with SSH access. Copy your public key to the server:
Tip: use an ssh_config file to save connection details.
Type in your password.
Once done, your public key is added to ~/.ssh/authorized_keys on the server.
The next step is disabling password authentication for your user:
sudo nano /etc/ssh/sshd_config
Make sure this is set to no:
Finally, you have to restart SSH to apply the changes:
sudo service ssh restart
Important: Do not close your terminal! Open a new terminal window and check if you can log in without a password. If you missed something, you might get locked out. If you can log in from a new terminal, you are free to close the old terminal window. Otherwise, check your settings, restart SSH, and test again until you are able to connect from a new terminal without problems.
Bonus: Don’t forget to disable root login. Edit /etc/ssh/sshd_config and set PermitRootLogin no. Add a new line with AllowUsers username. Optionally, you can also change the port for SSH, which will decrease the load on your server. After that, you can restart SSH and test it from a new terminal window as I have described earlier.
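To check the settings from the password-authentication and bonus steps before restarting SSH, here is an added example (not part of the original post) that audits an sshd_config file. It assumes PasswordAuthentication is the directive set to no; the function names, the user name deploy and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the sshd_config settings named above.
# Limits: reads only the global section (stops at the first Match block), does not
# follow Include lines, and matches AllowUsers entries by exact name only.

# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
first_value() {  # $1 = file, $2 = keyword in lowercase
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; exit }' "$1"
}

# AllowUsers may be given several times; the lists accumulate.
allowed_users() {  # $1 = file
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

# Prints one line per finding and returns the number of failed checks.
audit_sshd_config() {  # $1 = file, $2 = user who must keep access
    fails=0
    v=$(first_value "$1" passwordauthentication)
    [ "${v:-yes}" = "no" ] || { echo "FAIL PasswordAuthentication is '${v:-unset, default yes}'"; fails=$((fails + 1)); }
    v=$(first_value "$1" permitrootlogin)
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin is '${v:-unset}'"; fails=$((fails + 1)); }
    case " $(allowed_users "$1")" in
        *" $2 "*) ;;
        *) echo "FAIL AllowUsers does not list '$2'"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample: the trailing "PasswordAuthentication no" is ignored by sshd
# because an earlier line already set the keyword to yes.
write_sample() {  # $1 = output path
    printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
        'PermitRootLogin no' 'AllowUsers deploy' 'PasswordAuthentication no' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd_config "$sample" deploy || echo "$? check(s) failed"
rm -f "$sample"
```

On a live server, `sudo sshd -t` validates the file before a restart and `sudo sshd -T` prints the effective configuration, including any Include files this script does not follow.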