Passwordless SSH Authentication Using Public/Private Keys

SSH gives you remote access to a Linux machine, just as if you were sitting in front of it with a keyboard attached. One of the main reasons people use SSH is that it is secure: all communication is encrypted, so packets cannot be sniffed during the connection.

However, if someone knows your SSH password, your server or personal computer is compromised even though the SSH transmission is encrypted. The best way to make sure that no one is able to access your machine through SSH is authentication using public/private keys. Let's dive into how it works.

Use case

Machine A : 10.20.30.1

Machine B : 192.168.1.5

We need to connect to machine B (IP: 192.168.1.5) from A without entering a password.

Step 1

Generate a key pair. Log in to machine A as the user who is going to access the remote machine, i.e. if user tom on machine A needs access to machine B, you must log in to machine A as user tom.

Once logged in as user tom on machine A, run the following command:

ssh-keygen

It will ask for the file name to save the key in:

Enter file in which to save the key (/home/usman/.ssh/id_rsa):

Just press Enter to accept the default file name; do not enter a file name.

After that you will be asked for the passphrase; just press Enter (for the re-confirmation as well):

Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

After that your public/private key pair will be stored in

/home/user/.ssh/

Here user is the currently logged-in user (tom in our case). The whole process looks something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:h6/fDdQxVFrRglO+2/gcQFIgWKJ5PswU1BEOiMkxM+w user@user
The key's randomart image is:
+---[RSA 2048]----+
|  o=+ o=+=o..+oo=|
|   =+.o.=.. +o.o.|
|  .  o o . . o=. |
|   E  *  .  o. + |
|       =S . ..o  |
|        .o .  .+ |
|          . . o..|
|         . . o o.|
|        ... . . o|
+----[SHA256]-----+

Now your private key is: id_rsa

And your public key is: id_rsa.pub

Both are stored in the .ssh directory.

Step 2

Move the public key to machine B so that passwordless authentication can work. You can use any method that suits you to move your key to machine B; I am going to use scp since it's very easy.

Change your directory to ‘.ssh’ by entering ‘cd .ssh’.

Here, when you enter the ls command, you may see 2 or 3 files:

id_rsa
id_rsa.pub
known_hosts

These 3 files might be in your .ssh directory. Our concern is with the id_rsa.pub file; execute the following command to move this file to machine B:

scp id_rsa.pub tom@192.168.1.5:/

Important: please note that I’ve used the following string in this command: tom@192.168.1.5:/

That means on machine B we will be able to log in as user tom without a password (and as no other user). The public key now resides on the remote machine.

Step 3

Log in to machine B using the following command:

ssh tom@192.168.1.5

Enter the password for user tom and you will be logged in (this is the last time you are going to enter a password for machine B).

Now execute the following commands to move the public key to the appropriate file:

cd /
cp id_rsa.pub ~/.ssh/authorized_keys

Now your key will be in user tom's .ssh directory (which is inside his home directory), in the file named authorized_keys (make sure the file name is authorized_keys).

All you have to do is place the id_rsa.pub file under user tom's .ssh directory with the file name authorized_keys.

Step 4

Come back to machine A and issue the following command:

ssh tom@192.168.1.5

And you will be logged in without the SSH password prompt.
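
The key installation from Step 3, written as a small script to run on machine B. This is an added example, not code from the original post; the function name install_pubkey and its arguments are assumptions. Unlike a plain cp, it appends the key so that keys already in authorized_keys are kept, and it sets the directory and file permissions that sshd checks before trusting the file.

```shell
#!/bin/sh
# Added example (not from the original post): run on machine B as user tom.
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper name)
# SSH_DIR defaults to ~/.ssh. Returns 0 if the key is installed or was
# already present, 1 if the input is not a usable public key file.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key file is one line: "<type> <base64 blob> [comment]".
    # Take the first non-blank line and check its shape, which also
    # rejects a private key (id_rsa) passed by mistake.
    key=$(sed -n '/[^[:space:]]/{p;q;}' "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an SSH public key" >&2; return 1 ;;
    esac

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or file is writable by other users.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already authorized: nothing to do, so re-running is harmless.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the last line has no trailing newline, add one so the new key
    # does not get glued onto an existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append instead of overwrite: keys already in the file keep working.
    printf '%s\n' "$key" >> "$auth"
}

# Usage on machine B: sh install_pubkey.sh /id_rsa.pub
if [ $# -gt 0 ]; then
    install_pubkey "$@"
fi
```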

 
