SSH is a protocol that users and admins use to communicate with their Linux servers. In this post we created an initial setup for the server, and you can try connecting to the server over SSH. We used a username and password. Now I will show you how to connect to the server without a password.

Remember: you will still need the password for running sudo commands if you are a regular user.

1. Creating Key-Pair

The first step is to create a new key pair. You can create one by typing:

ssh-keygen -t ed25519 -C "<comment>"

The -C flag, with a quoted comment such as an email address, is an optional way to label your SSH keys.

# output
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/emma/.ssh/id_ed25519):

Press Enter to save the key pair into the .ssh/ subdirectory in your home directory, or specify another path.

If a key with the same name already exists in that path, you will be asked whether you want to overwrite it.

# output
/home/emma/.ssh/id_ed25519 already exists.
Overwrite (y/n)?

If you select y, the existing key will be overwritten and you will not be able to authenticate with the old key anymore. It is better to back up this key first, because this operation is not reversible.

# output
Your identification has been saved in /home/emma/.ssh/id_ed25519.
Your public key has been saved in /home/emma/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:xam3E39l3ZBUfBNiXmzJoK/iOwIPk4Hq1oOT6NZSh1U emma
The key's randomart image is:
+---[RSA 2048]----+
|             +==+|
|       E . .+.oBo|
|    . .   +. .+ o|
|   . o   o  .  .o|
|  . o o S o  .  =|
| . o *   . +.  o |
|o * . =  .o.. .  |
|.O +   o.... .   |
|+.o .   .oo      |
+----[SHA256]-----+

You now have two keys, a public one and a private one, that you can use to authenticate.

2.1. Copy SSH key to your server

The fastest method is to use ssh-copy-id. This will copy all your public keys to your server.

ssh-copy-id emma@remote_host

This will add the public key to ~/.ssh/authorized_keys.

2.2. Manually adding ssh keys

This can also be done manually. You just need to copy the content of /home/emma/.ssh/id_ed25519.pub into ~/.ssh/authorized_keys on the server. Each key goes on a new line.

Display the content of your key:

cat /home/emma/.ssh/id_ed25519.pub

Log in to your remote server. Check whether your ~/.ssh folder exists. If it does not, create it:

mkdir -p ~/.ssh

Next, create or modify authorized_keys and add the content of your id_ed25519.pub key to it.

Finally, remove all permissions for group and other by running the following command:

chmod -R go= ~/.ssh

The -R flag removes these permissions recursively.

2.3. Add SSH keys by script using CAT

You can also use cat to copy the key. The full command looks like this:

cat ~/.ssh/id_ed25519.pub | ssh emma@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

Credits go to DigitalOcean.

After this setting, you can access the server without a password.

3. Disable password authentication

If you can connect to the server without a password, you can edit the SSH configuration to disable password authentication. To do this you need root privileges. Log in to your server and type:

sudo nano /etc/ssh/sshd_config

Inside this file, search for the PasswordAuthentication directive. If you are using nano, you can search by pressing Ctrl+W. Set the value to no and remove the leading #.

. . .
PasswordAuthentication no
. . .

Press Ctrl+X, then Y to save the content of the file, and finally press ENTER.

To apply the changes we need to restart the SSHD service. Do this by typing:

sudo systemctl restart ssh

Open a new window and try to connect to your server:

ssh emma@your_server_ip

Emma is the user used for this tutorial. If it goes well and you can connect you are done. You can close all connections to the server.
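
The edit in step 3 only takes effect if no earlier uncommented PasswordAuthentication line overrides it, because sshd uses the first value it obtains for a keyword. The check below is an added example, not part of the original post; the function names and the sample file are constructed, and it assumes a single file with no Include directives.

```shell
#!/bin/sh
# Added example (not from the original post): print the PasswordAuthentication
# value in effect for the global section of one sshd_config-style file.
# Rules from sshd_config(5): keywords are case-insensitive, '#' lines are
# comments, the first value obtained for a keyword is used, default is "yes".
# Assumption: Include files are not followed and parsing stops at the first
# Match block, so only the file's global section is evaluated.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop leading whitespace
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept the "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit             # conditional section starts here
            if (key == "passwordauthentication") { val = f[2]; found = 1; exit }
        }
        END { print (found ? val : "yes") }
    ' "$1"
}

# Exit status 0 only when password logins are disabled in that file.
password_auth_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: the new line was appended at the end, but an earlier
# uncommented line is still present and takes precedence.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF
if password_auth_disabled "$demo"; then
    echo "password login disabled"
else
    echo "password login still enabled: $(effective_password_auth "$demo")"
fi
rm -f "$demo"
```

On the server itself, `sudo sshd -t` validates the edited file before the restart, and `sudo sshd -T` prints the effective configuration, including any included files.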

At the end

You have now enabled key-only authentication to the server, which is more secure than using a password. Keep the private key protected and don’t give it to anyone.

Stay safe, ✌ peace