Set up Passwordless Authentication for SSH on Ubuntu

Using a password for authentication on a server is asking for trouble. Servers are under constant attack, and it’s only a matter of time until someone guesses the right password and hijacks your server. With passwordless authentication, the chance of anyone hacking into your server greatly diminishes.

To start, you will need a public key on your local machine. If you are on Linux or Mac, a tool called ssh-keygen is probably available on your machine. If not, you can add it on Ubuntu with:

sudo apt-get install ssh

Run the tool:

ssh-keygen

Follow the prompt and give a filename for the output:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

Giving a passphrase is optional, but it’s a good addition to other security measures.

The private key should be at /home/username/.ssh/id_rsa and the public key at /home/username/.ssh/id_rsa.pub.

You should have a server set up with SSH access. Copy your public key to the server:

ssh-copy-id username@server

Tip: use an ssh_config file to save connection details.

Type in your password.

Once done, your public key is added to ~/.ssh/authorized_keys on the server.

The next step is disabling password authentication for your user:

sudo nano /etc/ssh/sshd_config

Make sure this is set to no:

PasswordAuthentication no

Finally you have to restart SSH to apply the changes:

sudo service ssh restart

Important: Do not close your terminal! Open a new terminal window and check if you can log in without a password. If you missed something, you might get locked out. If you can log in from a new terminal, you are free to close the old terminal window. Otherwise check your settings, restart ssh again and test again until you are able to connect from a new terminal without problems.

Bonus: Don’t forget to disable root login. Edit /etc/ssh/sshd_config and set PermitRootLogin no. Add a new line with AllowUsers username. Optionally you can also change the port for SSH, which will decrease the load on your server. After that, you can restart SSH and test it from a new terminal window as I have described earlier.
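
Before restarting SSH, it helps to confirm which value sshd will actually use: sshd keeps the first value it reads for each keyword, and current Ubuntu releases put an Include line for /etc/ssh/sshd_config.d/*.conf at the top of sshd_config, so a drop-in file there can override the edits described above. The script below is an added example, not part of the original post. The function names and the sample files are made up for illustration, and Match blocks are skipped rather than evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. sshd keeps the FIRST value it
# reads for a keyword and expands Include lines where they appear.

# Print global "Keyword value" lines in the order sshd reads them.
# $1 = config file, $2 = directory that relative Include patterns resolve in.
# The ( ) body is a subshell, so the recursion cannot clobber variables.
flatten_config() (
    [ -r "$1" ] || exit 0
    while read -r key val || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            ''|'#'*) ;;
            match) break ;;  # simplification: Match blocks are not evaluated
            include)
                for pat in $val; do
                    case $pat in /*) ;; *) pat=$2/$pat ;; esac
                    for inc in $pat; do flatten_config "$inc" "$2"; done
                done ;;
            *) printf '%s %s\n' "$key" "$val" ;;
        esac
    done < "$1"
)

# Print the lowercased first value of keyword $3, or nothing if it is unset.
effective_value() {
    flatten_config "$1" "$2" |
        awk -v k="$3" 'tolower($1) == tolower(k) { print tolower($2); exit }'
}

# Check the two settings this post changes; non-zero status if either differs.
audit_sshd() {
    rc=0
    for want in "PasswordAuthentication no" "PermitRootLogin no"; do
        got=$(effective_value "$1" "$2" "${want% *}")
        if [ "$got" = "${want#* }" ]; then echo "ok    $want"
        else echo "FAIL  ${want% *} is '${got:-unset}', want '${want#* }'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a drop-in that is read before the main file's own line.
demo=$(mktemp -d) && mkdir "$demo/sshd_config.d"
printf 'PasswordAuthentication yes\n' > "$demo/sshd_config.d/50-sample.conf"
printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\nPermitRootLogin no\n' \
    > "$demo/sshd_config"
audit_sshd "$demo/sshd_config" "$demo" || echo "the drop-in value wins"
rm -rf "$demo"
```

On a real server, call audit_sshd /etc/ssh/sshd_config /etc/ssh, and cross-check with sudo sshd -T, which prints the configuration sshd itself resolves.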

Jay Galaczi
