Server Side
1- In this scenario we are going to install an SSH server and configure it so that it only accepts public-key authentication (an SSH key pair, not a certificate) to log in.
sudo apt-get install openssh-server
2- On the remote server: password-based SSH login must still be allowed when you copy your public key over (step 5), so do NOT apply this step yet. Come back and edit the SSH daemon configuration once key-based login is working:
sudo nano /etc/ssh/sshd_config
Set the following options (leave PubkeyAuthentication at its default of yes):
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
KbdInteractiveAuthentication no
Save and exit the file.
Two remarks on these settings. ChallengeResponseAuthentication is the older name of KbdInteractiveAuthentication (OpenSSH 8.7 renamed it); setting both covers old and new versions. UsePAM no is optional: once password and keyboard-interactive authentication are off, PAM no longer authenticates anyone, but with UsePAM yes it still runs the account and session modules (account expiry and locking, pam_limits, pam_systemd), and UsePAM no drops those too, so keep it at yes unless you know you do not need them.
On Debian and Ubuntu also check /etc/ssh/sshd_config.d/: the main file includes that directory on its first line, sshd keeps the first value it reads for a keyword, and a drop-in such as 50-cloud-init.conf containing PasswordAuthentication yes silently wins over the no you wrote further down.
Check the configuration for syntax errors first, then reload the daemon (the service is called ssh on Debian/Ubuntu and sshd on most other distributions; each usually accepts the other name as an alias):
sudo sshd -t
sudo systemctl reload ssh
or
sudo service ssh restart
Keep the SSH session you are working in open while you do this and test a fresh login from a second terminal: existing connections normally survive a reload or restart, so a mistake in the file does not lock you out as long as you fix it before closing that session.
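Checking the effective value by eye is error-prone because sshd honours the first value it reads for a keyword and drop-ins included at the top of the file are read first. The following shell snippet is an added example, not part of the original tutorial: it resolves a keyword the way sshd does (first match wins, keyword case-insensitive, comments stripped, the Keyword=value spelling accepted) and reports whether password-style logins are really off. The two configuration texts are constructed samples of what sshd reads on an Ubuntu cloud image after expanding the Include line; the helper ignores Match blocks, so it only checks the global settings.

```shell
#!/bin/sh
# Added example, not from the original tutorial. sshd keeps the FIRST value it
# reads for each keyword and ignores later ones. Ubuntu's /etc/ssh/sshd_config
# starts with "Include /etc/ssh/sshd_config.d/*.conf", and cloud images ship a
# 50-cloud-init.conf there containing "PasswordAuthentication yes", so that line
# is read before the "no" you write further down and silently wins.
# sshd_effective resolves a keyword the way sshd does: keyword case-insensitive,
# "#" comments stripped, "Keyword=value" spelling accepted, first match wins.
# Several arguments are treated as aliases of one keyword. Match blocks are
# ignored (assumption: you are checking the global settings only).

sshd_effective() {
    keys=$(printf '%s ' "$@" | tr 'A-Z' 'a-z')
    awk -v keys="$keys" '
        BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        { sub(/#.*/, ""); gsub(/[ \t]*=[ \t]*/, " ") }       # comments, "=" form
        NF >= 2 && (tolower($1) in want) { print $2; exit }  # first value wins
    '
}

# Reads a configuration on stdin (a file, or the output of "sshd -T") and
# returns 0 only if no password-style method is left open. An unset keyword
# falls back to the sshd default, which is "yes" for all of these.
# ChallengeResponseAuthentication is the pre-8.7 name of
# KbdInteractiveAuthentication, so both spellings are resolved as one keyword.
password_logins_disabled() {
    cfg=$(cat)
    rc=0
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication)
    kbd=$(printf '%s\n' "$cfg" | sshd_effective KbdInteractiveAuthentication ChallengeResponseAuthentication)
    [ "${pw:-yes}" = no ]  || { echo "PasswordAuthentication resolves to '${pw:-yes}'"; rc=1; }
    [ "${kbd:-yes}" = no ] || { echo "KbdInteractiveAuthentication resolves to '${kbd:-yes}'"; rc=1; }
    return $rc
}

# Constructed sample: what sshd reads on an Ubuntu cloud image once the Include
# on the first line has been expanded. The drop-in's "yes" comes first.
BROKEN_CONFIG='Include /etc/ssh/sshd_config.d/*.conf
# --- from /etc/ssh/sshd_config.d/50-cloud-init.conf ---
PasswordAuthentication yes
# --- rest of /etc/ssh/sshd_config ---
PubkeyAuthentication yes
PasswordAuthentication no   # never reached: the drop-in already set it
KbdInteractiveAuthentication no
UsePAM yes'

# Constructed sample: the same host after the drop-in has been corrected.
FIXED_CONFIG='Include /etc/ssh/sshd_config.d/*.conf
# --- from /etc/ssh/sshd_config.d/50-cloud-init.conf ---
PasswordAuthentication no
# --- rest of /etc/ssh/sshd_config ---
PubkeyAuthentication yes
PasswordAuthentication=no
ChallengeResponseAuthentication no
UsePAM yes'

printf '%s\n' "$BROKEN_CONFIG" | password_logins_disabled || echo "BROKEN_CONFIG: password logins still possible"
printf '%s\n' "$FIXED_CONFIG"  | password_logins_disabled && echo "FIXED_CONFIG: password logins disabled"
```

On the real host, pipe the resolved configuration into it: sudo sshd -T | password_logins_disabled. sshd -T prints every keyword in lower case with Includes and defaults already applied, so it is the authoritative view; feeding the raw file is for checking a configuration you have not deployed yet.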
Client Side
sudo apt-get install openssh-client
Navigate to your home directory; the keys go into ~/.ssh, which ssh-keygen creates with the right permissions if it does not exist yet.
3- Generate an SSH key pair (if you don't already have one). This command generates an RSA key pair with 4096 bits:
ssh-keygen -t rsa -b 4096
Or generate the more modern Ed25519 type with this command (-a 100 raises the number of KDF rounds that protect the passphrase against offline guessing; -f sets the file name):
ssh-keygen -t ed25519 -a 100 -f .ssh/testkey
Give it a meaningful name and provide a passphrase (optional, but recommended: it is the only thing protecting the private key if the file is copied or stolen).
Add your SSH key to the SSH agent: the agent keeps the decrypted private key in memory, so you type the passphrase once per session instead of on every connection. First make sure an agent is running in your shell:
eval "$(ssh-agent -s)"
or
eval $(ssh-agent -s)
Then add the identity from your private key (NOT the id_rsa.pub!):
ssh-add ~/.ssh/id_rsa
The order matters: run ssh-add before an agent is up and it fails with "Could not open a connection to your authentication agent". ssh-copy-id does not need the agent when you pass the public key with -i as in step 5; without -i it takes the keys the agent holds. To stop the agent again, type eval "$(ssh-agent -k)".
OPTIONAL: to have an agent available in every interactive session and load a chosen private key into it, edit your shell startup file:
nano ~/.bashrc
4- Add the following lines at the end of the file (the test on SSH_AUTH_SOCK avoids starting a second agent when your desktop session already provides one, which is common on Linux desktops):
if [ -z "$SSH_AUTH_SOCK" ]; then
    eval "$(ssh-agent -s)"
fi
ssh-add PATH_TO_YOUR_PRIVATE_KEY
Note that the ssh-add line prompts for the passphrase in every new shell if the key has one; an alternative is AddKeysToAgent yes in ~/.ssh/config, which adds the key to the agent the first time it is used.
To check whether the SSH agent is running, use the ssh-add command with the -l option. If the agent is running and has keys loaded, you will see the fingerprints of the loaded keys; if it is running but empty it prints "The agent has no identities."; if no agent is reachable it prints "Could not open a connection to your authentication agent". Open a terminal and run the following command:
ssh-add -l
Another way to check is to look at the environment variables ssh uses to find the agent.
If an agent was started in this session, the following command prints the path of the agent's socket; if it is not running, the command prints an empty line:
echo $SSH_AUTH_SOCK
You can also show the agent's PID (set by eval "$(ssh-agent -s)"; agents provided by the desktop session often set only SSH_AUTH_SOCK):
echo $SSH_AGENT_PID
A set variable only proves that an agent was started at some point, not that it is still alive, so ssh-add -l is the reliable test.
- There is another way to make ssh use the right key without loading it into an agent: create a file named config inside the .ssh folder with a block like the following for each server you want to connect to. The IdentityFile named there is offered when you run ssh server. If your agent holds several keys, also add IdentitiesOnly yes to the block: ssh otherwise offers every agent key first and can run into the server's MaxAuthTries limit before it reaches the right one. The file must be owned by you and not writable by anyone else, or ssh rejects it with "Bad owner or permissions".
Host server
Hostname server_ip_address
User remote_user
IdentityFile /home/local_user/.ssh/identity_file
5- Make sure that password authentication on your remote server is still enabled (step 2 not yet applied). Copy your public key to the remote server with ssh-copy-id, which appends it to ~/.ssh/authorized_keys of that user and creates the directory and file with owner-only permissions if they do not exist yet:
ssh-copy-id -i /path/to/id_rsa.pub admin@remote_server_ip
You will be prompted for the password of the remote user. Pass the .pub file that matches the key you generated (for the Ed25519 example above, ~/.ssh/testkey.pub).
6- Once that's done, log in again. If all goes well you connect to the remote machine without being asked for the account password (at most for the key's passphrase, if it has one and is not loaded in the agent):
ssh admin@remote_server_ip
Before you change the server, prove that the key alone is enough: connect once more with the client options PasswordAuthentication=no and KbdInteractiveAuthentication=no (passed with -o), so that ssh cannot fall back to a password. If that still logs you in, go back to step 2 and disable password authentication on the remote machine, keeping this session open while you reload sshd, then confirm from a second terminal that a plain password login is now refused.
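As an added example (not from the original tutorial) of what ssh-copy-id does on the far end, here is the same operation as a shell function you can run on the server itself when ssh-copy-id is not an option (console access, a provisioning script). It also enforces the permissions that sshd's StrictModes requires, which is the usual reason a freshly copied key still gets a password prompt. The key line and the throwaway home directory in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: the server-side half of
# ssh-copy-id as a function, for use when you only have console access to the
# server or are writing a provisioning script. sshd (StrictModes yes, the
# default) ignores authorized_keys when ~/.ssh is not mode 0700, the file is not
# 0600, or either is writable by group/others, so the function pins those modes.
# Re-running it with the same key does not duplicate the entry.
# Assumption: the public key is one line of the form "type base64 [comment]".

install_authorized_key() {
    home="$1"; pubkey="$2"
    dir="$home/.ssh"; file="$dir/authorized_keys"

    # Accept only lines that look like an OpenSSH *public* key; a pasted
    # private key ("-----BEGIN OPENSSH PRIVATE KEY-----") is the classic mistake.
    case "$pubkey" in
        "ssh-ed25519 AAAA"*|"ssh-rsa AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*|"sk-ssh-ed25519@openssh.com AAAA"*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # Create with owner-only permissions from the start (umask 077), then pin
    # the modes in case the directory or file already existed with wider ones.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" && touch "$file" && chmod 600 "$file"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # Identify the key by type + base64 only, so a different trailing comment
    # does not produce a duplicate line.
    keyid=$(printf '%s\n' "$pubkey" | awk '{ print $1 " " $2 }')
    if awk -v id="$keyid" '($1 " " $2) == id { found = 1 } END { exit !found }' "$file"; then
        echo "key already present in $file"
        return 0
    fi
    printf '%s\n' "$pubkey" >> "$file"
    echo "key added to $file"
}

# How many authorized_keys lines carry this key (type + base64); used to verify.
count_key() {
    keyid=$(printf '%s\n' "$2" | awk '{ print $1 " " $2 }')
    awk -v id="$keyid" '($1 " " $2) == id { n++ } END { print n + 0 }' "$1/.ssh/authorized_keys"
}

# Demo on a throwaway home directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialNotARealKey0000000 admin@laptop'
install_authorized_key "$demo_home" "$demo_key"
install_authorized_key "$demo_home" "$demo_key"                      # second run: already present
echo "entries for this key: $(count_key "$demo_home" "$demo_key")"  # 1
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"           # drwx------ and -rw-------
rm -rf "$demo_home"
```

What ssh-copy-id itself runs on the remote side is essentially umask 077, mkdir -p .ssh and cat >> .ssh/authorized_keys, which is why the permissions come out right when the files are new but are left untouched when they already existed with wider modes; the function above fixes that case too. StrictModes additionally requires that the home directory itself is not writable by group or others, which no script run as the user can repair.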