How to Setup / Upgrade Passwordless SSH Logon to Ubuntu 14.04

March 2, 2015 | By
| 2 Replies More

Hi all, today we'll gonna learn how we can setup Passwordless SSH Logon to Ubuntu 14.04 "Trusty". Only the workstations having the correct matching key pair (private and public) will be allowed to logon to the SSH server, without the key paring, access will not be allowed.

Usually, we need to enter username and password combination to connect to an SSH console. If the combination is correct to that of the system's then, we get access to the server else we are denied from the access. But, there is something more secure than Password logon, we have passwordless SSH logon using the encrypted keys.

If you want to enable this secured option, we can simply disable password-logon and only allow logon using an encryption key. When using encryption keys option, the client computer generates a private and public key pair. The client then must upload the public key to the SSH server authorized_key file. Before access is granted, the server and client computer validate the key pair. If the public key on the server matches the private key submitted via the client then access will be granted else will be denied.

This is a very secure way authenticating to a SSH server and it’s a recommended method if you wish to implement secure logon with single user SSH logon. Here's a quick step-wise process on how to enable Passwordless SSH logon.

1. Installing Openssh Server

First off all, we'll need to update our local repository index. To do so, we'll first need to run apt-get update as shown below.

$ sudo apt-get update

Updating Repo Index

Now, we can install openssh-server by running following command.

$ sudo apt-get install openssh-server

Installing openssh server

2. Enabling Openssh Server

Now, we'll want to enable OpenSSH server after we successfully installed it on our Ubuntu 14.04 Operating System. The command to enable/start the server is given as follows.

$ sudo service ssh start

OR

$ sudo /etc/init.d/ssh start

3. Configuring Key Pair

After we have installed our OpenSSH Server and enabled it. We'll now finally wanna go for generating our Public and Private Key Pair. To do that, run the following command in a terminal or console.

$ ssh-keygen -t rsa

After running the above command, we'll be prompted to complete a series of tasks. The first will be where to save the keys, press Enter to choose the default location which is in a hidden .ssh folder in the home directory. The next prompt will be to enter the Paraphrase. I personally leave this blank (just press enter) to continue. It will then create the key pair and we’re done.

Generating Key Pair

After generation of the key pair, we will need to copy the client’s public key to the SSH server or host inorder to create trusted relationship with it. We'll need to run the commands below to copy the client public key to the server.

$ ssh-copy-id user@ip_address

After the public key is copied to the server, we can now go and disable password logon via SSH. To do that, we'll need to open /etc/ssh/sshd_config via a text editor by run the commands below.

$ sudo nano /etc/ssh/sshd_config

Now, we'll need to uncomment the lines and set the values as shown below.

Configuring sshd Config

4. Upgrading SSH keys for Security

It's best practice to enable SSH public key authentication rather than using passwords over the networks. However, it's equally important to renew your SSH keys on frequent time interval for more safety. At times, people keep on using the same SSH keys over years. Recently, it was reported as the DSA and RSA 1024 bit keys to be deprecated. I advise you to upgrade those keys to the latest Ed25519 key with fast and compact elliptic-curve cryptography with high security signatures. You can generate those keys with a single command ssh-keygen -o -a 100 -t ed25519 as below:

ssh

You can have your identification file "~/.ssh/id_ed25519" saved along with your other keys in the .ssh folder. You can copy your public keys ~/.ssh/id_ed25519.pub over to the target hosts for authentication.

5. Restarting the SSH Server

Finally, after we are done configuring SSH Server, we'll want to restart our SSH Server so that all the changes will take affect. To restart one can run the following command in a terminal or the console.

$ sudo service ssh restart

OR

$ sudo /etc/init.d/ssh restart

Restarting ssh

Finally, we can now ssh in to the server without a password and only from the client having the same key pair not the password.

Conclusion

Hurray! We have successfully enabled Passwordless SSH logon. It is a lot secure to enable Encrypted Key Pair SSH logon . This is a very secure way authenticating to a SSH server and it’s a recommended method if you wish to implement secure logon with single user SSH logon. So, if you have any questions, suggestions, feedback please write them in the comment box below. Thank you ! Enjoy Encrypted Secure SSH Login :-)

Filed Under : UBUNTU HOWTO

Tagged With : ,

Free Linux Ebook to Download

Comments (2)

Trackback URL | Comments RSS Feed

  1. realware says:

    There's a typo where you say to edit ssh_config

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.