SSH or Secure SHELL is the most popular and trusted UNIX-based cryptographic network protocol. It can be used for secure data communication, remote server logins, remote command execution, and many other secure network services between two networked servers.
Normally, password authentication is used to connect to a remote server via SSH. In this blog tutorial we will show you how to login to a remote Linux VPS without password, using SSH keys. This method is more secure than using a password.
First of all, we need to generate the public and private keys. We will use the RSA (Rivest-Shamir-Adleman) cryptosystem.
ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): PRESS ENTER Enter passphrase (empty for no passphrase): PRESS ENTER Enter same passphrase again: PRESS ENTER Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 4a:91:e0:19:89:37:41:ce:3e:ff:56:2c:02:eb:65:cb root@LOCALSERVER The key's randomart image is: +--[ RSA 2048]----+ | o=o | | .+++ . | | .=.o | | .. . | | oo. S. | | .++.. o | | . +oo o | | . E.. | | .. | +-----------------+
This will create 2048 bit public and private keys in the ‘/root/.ssh/’ directory on your server
ls /root/.ssh/ id_rsa id_rsa.pub
Create a new ‘.ssh’ directory on the remote server
ssh root@REMOTE_SERVER mkdir -p .ssh
The -p for mkdir will create all directories leading up to the given directory that do not exist already. If the given directory already exists, ignore the error. -p is most often used when using mkdir to build up complex directory hierarchies, in case a necessary directory is missing or already there. For more detail: mkdir wiki
Copy the newly generated public key to the remote server you want to SSH without password
cat /root/.ssh/id_rsa.pub | ssh root@REMOTE_SERVER 'cat >> /root/.ssh/authorized_keys'
Change the permissions of the public key and the ‘.ssh’ directory
ssh root@REMOTE_SERVER "chmod 700 .ssh; chmod 600 .ssh/authorized_keys"
Now, login to the remote server and configure the SSH server to accept key authentication. Open the SSH configuration file
And make sure that the following three options are not commented and ‘RSAAuthentication’ and ‘PubkeyAuthentication’ are set to ‘yes’.
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys
Save the changes and restart the SSH server
That’s all. You should be able to the remote server without password
If you use chrome’s secure shell extension, just click the import and select the private key and then connect.