Setup RSA keys and SSH to Linux Without a Password

RSA keys not only provide more robust authentication than passwords- a password can be broken with time, luck and/or a hypothetical hammer- but can also make life a lot easier by removing the need to type a password on every login. This, obviously, assumes that the client computer won’t fall into the wrong hands.

This guide will run through the process of generating a client RSA key set, adding the public key to your Linux server and finally removing the ability to log in with a password. This will be demonstrated through the CLI.

From your client computer, generate RSA keys
ssh-keygen -t rsa

Enter file in which to save the key, I chose the default /Users/Jonny/.ssh/id_rsa

You will be prompted for a password. I chose to not use a password
Enter passphrase (empty for no passphrase):

Show the public key that has just been generated
cat /Users/Jonny/.ssh/

Copy this key

Login to your server in the normal way
ssh [email protected]

Create an ssh directory in your home location
mkdir .ssh

Create a file for authorised keys
nano .ssh/authorized_keys

Paste your key in this file. Press ctrl + x to save.

Optional: Remove ability to login with a password

Assume root privileges

Open the ssh config file in an editor
nano /etc/ssh/sshd_config

Find the following line
#PasswordAuthentication yes

Change it to
PasswordAuthentication no

Press ctrl + x to save and exit

Optional: Change RSA passphrase

On the client computer type
ssh-keygen -p

You will be asked for the current and new password

All done! Now you can log in without a password!

Leave a Reply

Your email address will not be published. Required fields are marked *