Passwordless authentication is a fast way of connecting to remote servers in a secure and fast manner. It helps solve the issue of forgotten password or password being compromised. Passwordless authentication can be done via ssh keypairs or configured passwords.
This guide shows the step by step process of how I set it up using public key and password automation
1. Setting Up Passwordless Authentication Using Public Keys
Password Authentication relies on pair of keys both public and private> . The public key is stored on the server, while the private key remains on the client machine. The process involves matching the private key to the public key, allowing access without the need for a password.
Step 1: Generate SSH Key Pair
Generate an SSH key pair on the from which you’ll be connecting to the server.
ssh-keygen -t rsa -b 4096
You will be asked to input a file location and passphrase. Press Enter
to accept the default location and to also leave the passphrase empty
Step 2: Give the Keypair File read and write command
chmod 600 <PATH to pem file>
This changes the permission of the pem file to read and write
Step 3: Copy Public key to Remote Machine
ssh-copy-id -f "-o IdentityFile <PATH TO PEM FILE>" ubuntu@<INSTANCE-PUBLIC-IP>
ssh-copy-id: This is the command used to copy your public key to a remote machine.
-f: This flag forces the copying of keys, which can be useful if you have keys already set up and want to overwrite them.
"-o IdentityFile ": This option specifies the identity file (private key) to use for the connection. The -o flag passes this option to the underlying ssh command.
ubuntu@: This is the username (ubuntu) and the IP address of the remote server you want to access.
Then you would be asked to input this command.
ssh -o 'IdentityFile <PATH TO PEM FILE>' 'ubuntu@<INSTANCE-PUBLIC-IP>'
You have not successfully access the remote machine. To see if it would work when you try it again you can
exit
Step 3: Test Passwordless Authentication
Whenever you want to log in to the machine subsequent time use,
ssh username@server_ip_address
If everything is configured correctly, you should be able to log in without being prompted for a password.
2. Setting Up Passwordless Authentication Using Password
While SSH key authentication is more secure, there are cases where password-based automation is required, such as in legacy systems or automation scripts.
You can manually connect or log into your instance or server.
Step 1: Access the sshd_config file
sudo vim /etc/ssh/sshd_config.d/60-cloudimg-settings.conf
Step 2: Update Password Authentication
Change the password authentication to YES
Step 3: Restart SSH
You restart the ssh to make the new changes take effect by running the command
sudo systemctl restart ssh
Step 4: Set Password
You set password that you would be asked subsequent when you want to log into that machine running the command.
sudo passwd ubuntu
Let's confirm that the password is set.
exit
ssh-copy-id ubuntu@<INSTANCE-PUBLIC-IP>
You would then be asked to input the set password you created above, after then you would run the command
ssh 'username@server_ip_address'
This method is generally not recommended for production environments due to security risks of storing plaintext passwords, but it can be useful for automated tasks in controlled environments.
NOTE
- Use SSH Keys: Public key authentication is more secure and should be preferred over password-based methods.
5. Conclusion
Passwordless authentication is a key feature in securing and ensuring fast server access. Using public keys is the recommended method for passwordless SSH logins due to its enhanced security and ease of use.
By following the steps in this guide, you can set up secure passwordless authentication on your servers and improve your overall workflow efficiency.
Top comments (0)