Log into ssh servers (Mac OS X or Linux) without passwords, using ssh key. How to generate them with ssh-keygen and install on the server — Arch Linux Wiki
Generate ssh keys
To generate your private and public keys for ssh login with no password we will use
ssh-keygen in the client computer (The one that will log into the server using ssh)
ssh-keygen -t rsa
It will ask you for a passphrase, is up to you to use one or not. Here are the pros and cons.
- Extra security
- If you lose your private key, no one will be able to use it.
- It can be tedious to be typing the pass phrase each time you want to log into the server
- You can not use the key for scripts, as they will not be able to type the pass phrase.
I prefer not to use a passphrase, anyway my home folder in my laptop is encrypted.
Install the ssh key
If you are on Arch Linux, Ubuntu or Debian use:
If you do not have the command
ssh-copy-id, for example if you are on a Mac.
cat ~/.ssh/id_rsa.pub | ssh username@machine "cat >> ~/.ssh/authorized_keys"
Use root as username to install your key for the root user, you can run for as many users in the server as you want or need.
Now test that the work by loggin into the server, you should not be promped for a password.
Secure your server
Now that you know it works, it is time to secure your server. Edit the file /etc/ssh/sshd_config and look for: PermitRootLogin and change it from yes or no to: without-password. You will now will only be able to log into the server using root user, by using the keys.