Hello!
Could you please explain to me the process of setting up passwordless ssh access?
Essentially, I aim to transfer files between my local machine and server through ssh without having to enter a password each time.
The current setup allows for file transfer but requires me to manually input the password. Are there any additional steps I can take to circumvent this password requirement?
To enable RSA and Public Key authentication for ssh, make changes to the file "/etc/ssh/sshd_config" by adding or uncommenting the lines below:
RSAAuthentication yes
PubkeyAuthentication yes
Once done, restart the ssh server.
In order to establish an ssh connection to your server without having to enter a password, you will need a public and private key pair. You can then provide the server with your public key, typically located in ~/.ssh/id_rsa.pub.
If you haven't generated a key pair for your user yet, you should review how to do so. Otherwise, you can use the ssh-copy-id command as follows:
ssh-copy-id -i ~/.ssh/id_rsa.pub user@remotehost
Here, 'user' refers to the user to which you're connecting, and 'remotehost' is the IP address of the remote machine. The '-i' option specifies the path to your public key that you wish to upload to the remote server.
This command will copy your public key to the remote server and add it to the ~/.ssh/authorized_keys file. If desired, you can manually create the ~/.ssh/authorized_keys file on the server and copy the contents of your public key file into it.
Once this has been completed, you can connect to the remote machine via ssh using your keys:
ssh user@remotehost
If ssh still prompts you for a password, check the permissions on the .ssh folder on the server. Your home directory should not have write permissions for other users, and the authorized_keys file should have 600 permissions.
To set appropriate permissions, run the following commands:
chmod g-w /home/youruser
chmod 700 /home/youruser/.ssh
chmod 600 /home/youruser/.ssh/authorized_keys
You should now be able to connect to the remote machine via ssh without having to enter a password.
Setting up passwordless SSH access can make it easier for you to transfer files between your local machine and your server. The general idea is to use SSH key pairs (public and private keys) for authentication rather than relying on passwords. Here's a guide to setting it up:
Generate a new SSH key pair on your local machine:
Open a terminal on your local machine and input the following command to generate a new SSH key pair. You may include your email as a way to identify the key.
ssh-keygеn -t rsa -b 4096 -C "your_email@example.com"
When the system prompts you to "Enter a file in which to save the key," press Enter to accept the default file location. The prompt usually looks like this: /home/you/.ssh/id_rsa.
At the prompt, type a secure passphrase, or, in your case, just press Enter twice to not use a passphrase as per the requirement(it is generally recommended to use passphrase for better security).
Once the key pair is generated, you'll need to place the public key on your server to set up public key authentication.
You can print your public key (which should be in ~/.ssh/id_rsa.pub unless you specified otherwise) with the following command:
cat ~/.ssh/id_rsa.pub
This should print a long string that starts with ssh-rsa.
Now, you need to add this key to the ~/.ssh/authorized_keys file on your server.
Copy the output from the previous step, then log into your server, open the ~/.ssh/authorized_keys file with a text editor (you may need to create the file and directory if they do not exist), and paste the content there.
ssh username@your_server_ip
mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys
You'll then paste the copied key into this file, save it, and exit the editor.
For nano, to write out the file press Ctrl+O, then Enter to confirm. To exit, press Ctrl+X.
You should restrict the permissions of the .ssh directory and authorized_keys file on the server for security reasons.
Run the following commands on your server:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Finally, try connecting from your local machine to your server via ssh. You should no longer be prompted for a password.
Please note that if you've changed the SSH server's default configuration, you may need to adjust these instructions accordingly, especially if the server is not set up to allow key-based authentication, or if it uses a non-standard port. Make sure your SSH server configuration (usually in /etc/ssh/sshd_config) includes the following:
RSAAuthentication yes
PubkeyAuthentication yes
Restart the SSH server after changing that file. How to do it depends on your system, but one of these commands should work:
sudo systemctl restart ssh
sudo service ssh restart
/etc/init.d/ssh restart
Remember, not using a passphrase for SSH keys can potentially expose your server to security risks if the keys are handled carelessly. It's highly recommended to secure your keys adequately (with strong filesystem permissions) or consider other methods of securing SSH, such as SSH-agent forwarding, or using utilities such as sshpass or expect to automate password entry.