Setting up passwordless SSH login

Client side

This is the command used to generate a key pair. Be sure to use a strong password when it prompts for one:

ssh-keygen -t ed25519 -C "your@email.com or anything really, a -Comment"

This will generate two files: the .pub file is the public key (this is OK to share with anyone); the other one, with no extension, is the private key (this should be kept private at all costs).

You then need to share the .pub file (not the other one, that's the private key!) with the admin or get it to the server.

This command will do it automatically, but it only works if password login is still enabled on the server.

ssh-copy-id -i ~/.ssh/id_ed25519.pub username@hostname

If password login is disabled, an admin needs to do this manually.

After the server knows about your key, log in with:

ssh -i path_to_private_key username@hostname

It will then prompt for the password you set on the key.

You can also set up which host uses which key file, and other options, in .ssh/config in your home directory.

This is how .ssh/config should look:

# The Host pattern is what you type after "ssh"
Host suda.hostname.com
 Hostname suda.hostname.com
 User username
 IdentityFile /home/username/.ssh/id_ed25519

Then you can log in by typing only ssh suda.hostname.com.

Server side

The public key needs to be pasted as a new line in the authorized_keys file in each user's home .ssh directory.

That user needs ownership of the .ssh directory and the permissions should be 700 for the directory and 600 for the authorized_keys file.

mkdir /home/username/.ssh
chown username:username /home/username/.ssh
cat key.pub >> /home/username/.ssh/authorized_keys # can also be done manually (pasting the key into the file)
chown username:username /home/username/.ssh/authorized_keys
chmod 700 /home/username/.ssh # directory: 700
chmod 600 /home/username/.ssh/authorized_keys # file: 600
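The server-side steps above as a re-runnable script (an added example, not part of the original page). It refuses a private key handed over by mistake, avoids duplicate lines in authorized_keys, and checks the 700/600 modes afterwards. The function names install_pubkey and check_ssh_perms are this example's own.

```sh
#!/bin/sh
# Added example. usage: install_pubkey HOME_DIR USER PUBKEY_FILE
install_pubkey() {
    home=$1 user=$2 pub=$3
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # Refuse a private key sent instead of the .pub file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    # A public key file is one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "refusing: unrecognised key type in $pub" >&2; return 3 ;;
    esac

    mkdir -p "$ssh_dir" || return 1
    touch "$auth" || return 1
    # Append only if this exact line is not already there (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # The user must own both; the group is left as created in this example.
    chown "$user" "$ssh_dir" "$auth" || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# usage: check_ssh_perms HOME_DIR USER
# Returns 0 only if .ssh is exactly 700, authorized_keys is exactly 600,
# and both are owned by USER.
check_ssh_perms() {
    [ -n "$(find "$1/.ssh" -prune -perm 700 -user "$2" 2>/dev/null)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600 -user "$2" 2>/dev/null)" ]
}
```

Run it as root on the server, for example: install_pubkey /home/username username key.pub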

Password login can be disabled in /etc/ssh/sshd_config:

PasswordAuthentication no