Skip to main content

Setting up paswordless SSH login

Client side

This is the command used to generate a keypair, be sure to use a strong password when it prompts you for it 

ssh-keygen -t ed25519 -C "your@email.com or anything really, a -Comment "

This will generate two files: the .pub file is your public key (this is ok to share with anyone), the other one with no extension is the private key (this should be kept private at all cost)

You then need to share get the .pub file (not the other one, that's the private key!) with the admin or get it to the server.

After the server knows about your key login with:

ssh -i path_to_private_key username@hostname

It will then promtp for your password.

You can also setup which host uses which keyfile in .ssh/config in your home directory

This is how .ssh/config should look 

Host host.com
 Hostname suda.host.com
 User username
 IdentityFIle /home/username/.ssh/id_rsa

Then you can login by only typing ssh suda.formatc.hr

Server side

This command will do it automatically but it only works if password login is still enabled on the server.

ssh-copy-id -i id_rsa.pub username@host.com

If password login is disabled, an admin needs to do this manually.

The public key needs to pasted as a new line the authorized_keys file in each users' home .ssh directory. 

That user needs ownership of the .ssh directory and the permissions should be 700 for the directory and 600 for the authorized_keys file.

mkdir /home/username/.ssh
chown username:username .ssh
cat key.pub >> /home/username/.ssh/authorized_keys #can also be done manually (pasting in the key into the file)
chown username:username .ssh/authorized_keys
chmod 700 authorized_keys
chmod 600 home/username/.ssh/authorized_keys

Password login can then be disabled in /etc/sshd/config

PasswordAuthentication no
Back to top