Setting up paswordless SSH login
Client side
This is the command used to generate a keypair, be sure to use a strong password when it prompts for it:
ssh-keygen -t ed25519 -C "anything"
This will generate two files: the .pub file is the public key (this is OK to share with anyone), the other one with no extension is the private key (this should be kept private at all cost).
You then need to share the .pub file (not the other one, that's the private key!) with the admin or get it to the server.
This command will do it automatically but it only works if password login is still enabled on the server.
ssh-copy-id -i id_rsa.pub username@hostname
If password login is disabled, an admin needs to do this manually.
After the server knows about your key login with:
ssh -i path_to_private_key username@hostname
It will then prompt for your password.
You can also setup which host uses which keyfile and other options in .ssh/config in your home directory
This is how .ssh/config should look
Host host.com
Hostname suda.hostname.com
User username
IdentityFIle /home/username/.ssh/id_rsa
Then you can login by only typing ssh suda.hostname.com.
Server side
The public key needs to pasted as a new line in the authorized_keys file in each users' home .ssh directory.
That user needs ownership of the .ssh directory and the permissions should be 700 for the directory and 600 for the authorized_keys file.
mkdir /home/username/.ssh
chown username:username .ssh
cat key.pub >> /home/username/.ssh/authorized_keys #can also be done manually (pasting in the key into the file)
chown username:username .ssh/authorized_keys
chmod 700 authorized_keys
chmod 600 home/username/.ssh/authorized_keys
Password login can be disabled in /etc/sshd/config or /etc/ssh/sshd_config (depending on your distribution)
PasswordAuthentication no
No Comments