This articles documents how I us SSH with RSA key-based authentication instead of using a password. A few weeks ago, I switched from Ubuntu to EndeavourOS because I want a leaner setup with only the packages I need for work. I have several machines here in the office and in order to avoid typing in passwords to open an SSH session, I switched to a passwordless authentication instead. Here are the steps to set this up.
- Generate SSH key
- Copy the public key to all computers
- Edit the sshd_config file to disable passowrds
1 Generating the SSH key
To begin, an SSH key pair has to be generated on every computer. To do this, I open the terminal and type: ssh-keygen -t rsa
When asked for a location, I press ENTER to accept the default. After that I get prompted to enter a password for they key. Because all of my computers are encrypted, I leave the password field blank and press ENTER twice to continue. This completes step one.
2 Copy the public key to every PC on the network
The easiest way to do do this is: ssh-copy-id “servername”
The server name would be the login details of the other computer.
For example: username@localipaddress + password.
This will add the public key which was just generated to the authorized_keys file on the computer which was just specified. This completes step two.
3 Disable SSH login passwords
By now, I can log into all of my computer which have a copy of the public key stored in the authorized_keys file without providing a password. With passwordless SSH login working, all that’s left to do is disabling the password option.
To do so, I edit the ssh_config file on every computer which has my public SSH key.
The command to do this is: sudo nano /etc/ssh/sshd_config
Once the sshd_config file is open, I un-comment PasswordAuthentication yes and replace the word yes with no.
Lastly, I scroll down and change Use PAM yes to Use PAM no and save the file.
For the changes to take affect, I need to restart the sshd daemon by typing:
sudo systemctl restart sshd into the terminal. Done.
From this point on, I can quickly log into all of my computers by typing ssh -email@example.com and no further verification will be necessary.
Help, it’s not working
I have been doing this for a long time and don’t pay much attention to the process but when I first learned how to set up SSH passwordless logins, things didn’t go smoothly. If, for some reason, the login generates errors then I suggest to undo the two changes which were made in step three. This will restore the password option and revert to the previous state which required a password to log in.
Setting up just one machine to talk to another is quite simple. Having a handful of computers talk to each other needs a bit of planning. I suggest that if it didn’t go smooth, simply make a check list that helps you follow trough with copying all of the keys between the machines. It’s easy to get confused and if necessary, simply start with one PC and get used to ssh passwordless logins. When comfortable, add another machine.
As always, I’m happy to answer questions regarding the RSA key generation and other issues that might pop up. If this topic is new and you are just starting to research then I suggest to consult ssh.com/academy which is excellent source regarding secure shell computing.
Configuring SSH and learning the basic commands can replace the need of running a SAMBA server which consumes less system resources not to mention also improves network security . Thank you for reading.