How To Enable Password-less SSH Logon On Ubuntu Servers

This brief tutorial is going to show you how to easily enable password-less SSH logon when using Ubuntu as your server. With this setup, only workstations that have the correct matching key pair (private and public) will be allowed to logon to the SSH server. Without the key paring, access will always be denied.

Most SSH setup allow for password logon. A user connects to the SSH and he/she gets prompted to enter his/her username and password. If the combination is correct, access is granted.

Well, if you want to enable a more secured option, you can disable password-logon for SSH altogether and only allow logon using an encryption key. When using encryption keys option, the client computer generates a private and public key pair.

The client then must upload it public key to the SSH server authorized_key file. Before access is granted, the server and client computer validate the key pair. If the public key on the server matches the private key submitted via the client, access will be granted.

This is very secure way authenticating to a SSH server and it’s a recommended method if you wish to implement secure logon.

  • Enabling Password-less SSH logon

Now before you begin, first install SSH server on the server computer. To do that in Ubuntu, run the commands below

sudo apt-get -y install openssh-server

To start up SSH server, run the commands below in Ubuntu

sudo service ssh start

Or

/etc/init.d/ssh start

  • Generating the  client encryption key pair

After installing SSH server on the server computer, you can now go and generate the client private and public key pair. To do that, run the commands below

ssh-keygen -t rsa

After running the above commands, you’ll be prompted to complete a series of tasks. The first will be where to save the keys, press Enter to choose the default location which is in a hidden .ssh folder in your home directory.

The next prompt will be to Enter a passphrase. I personally leave this blank (just press enter) to continue. It will then create the key pair and you’re done.

After generating the keys, you will then need to copy the client’s public key to the SSH server computer or host it wants to create trust relationship with.

Run the commands below to copy the client public key to the server.

ssh-copy-id user@server_ip_address or hostname

After the public key is transferred to the server, you can now go and disable password logon via SSH.

Next, logon to the server and open the configuration file for SSH. To do that, run the commands below.

vi /etc/ssh/sshd_config

Then make sure these lines are uncomment and value are set as shown below.

PubkeyAuthentication yes

AuthorizedKeyFile    .ssh/authorized_keys

PasswordAuthentication no

Restart the SSH server and you’re done.

sudo service ssh restart

Or

sudo /etc/init.d/ssh restart

Enjoy!

Advertisements

Posted on June 12, 2015, in Linux (Ubuntu/CentOS). Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: