Password-less SSH login using Public key authentication

Posted on 27th September 2018

Public key authentication is a more secure and convenient way of logging in to a remote server than the conventional username and password. With public key authentication, users generate a key pair that consists of a public key and a private key. The public key can be shared with everyone, but the private key remains only with the user. An SSH server that wants to allow a user to log in stores that user's public key in the file ~/.ssh/authorized_keys. To log in to an SSH server, the user generates a digital signature using the private key. The SSH server verifies the signature using the corresponding public key, which confirms the identity of the user.

Set up Public key authentication for SSH on Linux

You can set up public key authentication for SSH on Linux in two simple steps.

  1. Generate a key pair using ssh-keygen. You can use the RSA or DSA algorithm to generate the keys (the default is RSA).

    ssh-keygen -t rsa

    You will be prompted to enter a file name to save the key. The default file name is ~/.ssh/id_rsa for RSA keys and ~/.ssh/id_dsa for keys generated using the DSA algorithm.

    You will also be prompted to enter a passphrase to protect the private key. If you do not enter a passphrase, then anyone who has access to your computer can use your private key to log in to an SSH server that has the matching public key. Below is an example.

    # ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): [Enter]
    Enter passphrase (empty for no passphrase): [Enter]
    Enter same passphrase again: [Enter]
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub. 
    The key fingerprint is:
    SHA256:uzaPPHXtmzxrv4p4qHUuPaLLNxfevygM2eb2HORNqtc root@localhost.localdomain
    The key's randomart image is:
    +---[RSA 2048]----+
    |                 |
    |        S o  o . |
    |         +.++ =  |
    |        .oOoo=.. |
    |      ..=O+@++*E |
    |       *O=O+=*BO+|
    +----[SHA256]-----+
    

  2. Copy the public key to the remote SSH server using ssh-copy-id

    ssh-copy-id is a utility that copies your public key to a remote host. The key is appended to the remote user's ~/.ssh/authorized_keys file.

    # ssh-copy-id -i ~/.ssh/id_rsa.pub user@remote_host
    

    You will be prompted to enter the password for the user on the remote host.

The setup is now complete and you should be able to SSH to the remote host without being prompted for a password.

    # ssh remote_host

If you set a passphrase when generating the key, you will be prompted to enter it; otherwise you will be logged straight in to the remote host.

Setting up Public key authentication with PuTTY on Windows

If you are using PuTTY to SSH to a remote host from Windows, you can configure public key authentication in four simple steps.

  1. Generate a key pair using the PuTTYgen key generator.

    PuTTYgen is a utility to generate public and private keys for SSH. You can find it in the PuTTY installation folder (the default install location is C:\Program Files (x86)\PuTTY). Double-click puttygen.exe to open the utility.

    First select the type of key and the number of bits in the Parameters section at the bottom of the screen and click the Generate Button.

    You'll then be prompted to move the mouse on the blank area to create some randomness. The key pair will be generated soon after that.

  2. Save the Public and Private Keys

    Once the keys are generated, you can set a passphrase for the key (this is optional but highly recommended). Then click the Save public key and Save private key buttons to save the keys.

  3. Install the Public key on SSH server

    Copy the public key from the Key section and paste it into the authorized_keys file on the remote SSH host.

  4. Configure PuTTY to use the private key

    Open PuTTY and click on Connection > SSH > Auth.

    Click Browse and select the Private key file that you saved in Step 2.

    Then click on Session and select connection type SSH, enter remote host name and finally click Open.

    At the login prompt enter the username to login. You will be prompted to enter the passphrase if you have configured one, otherwise you will be logged in to the remote host without entering a password.
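
Step 3 above, like the remote half of ssh-copy-id in the Linux section, comes down to appending one line to ~/.ssh/authorized_keys with the right permissions. The function below is an added example, not part of the original post; the name install_pubkey and its optional HOME_DIR argument are assumptions made for illustration. It also refuses the file written by PuTTYgen's Save public key button, which is a multi-line RFC 4716 export rather than the one-line form authorized_keys expects.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the SSH server as the
# user who will log in. install_pubkey and HOME_DIR are illustrative names.

# install_pubkey KEYFILE [HOME_DIR]   (HOME_DIR defaults to $HOME)
install_pubkey() {
    keyfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }

    # First non-blank line, with Windows carriage returns stripped.
    line=$(tr -d '\r' < "$keyfile" | sed -n '/[^[:space:]]/{p;q;}')

    case $line in
        *PRIVATE*|PuTTY-User-Key-File*)
            echo "refusing: $keyfile is a private key" >&2; return 2 ;;
        *"BEGIN SSH2 PUBLIC KEY"*)
            echo "refusing: multi-line RFC 4716 export, not an OpenSSH line" >&2
            return 2 ;;
    esac

    # authorized_keys wants "<type> <base64> [comment]" on a single line.
    types='ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+'
    printf '%s\n' "$line" |
        grep -Eq "^($types) [A-Za-z0-9+/]+={0,2}( .*)?\$" ||
        { echo "refusing: unrecognised public key format" >&2; return 2; }

    # With StrictModes (the sshd default) the server skips key files whose
    # directory or file is writable by other users, so set 700 and 600.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when this exact line is not already present.
    if grep -qxF -- "$line" "$auth"; then
        echo "already installed"
    else
        printf '%s\n' "$line" >> "$auth"
        echo "installed"
    fi
}

# Usage on the server:  install_pubkey /path/to/key.pub
```

Passing a scratch directory as the second argument lets you try the function without touching a real account.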
