If you manage a Linux server, you know how tedious it is to enter your password every time you log in via SSH or copy files with scp. This tutorial shows how to use an SSH key pair for passwordless SSH login, which also removes the password prompt when copying files with scp. Besides making SSH login and scp file copying more convenient, passwordless login with an SSH key adds another layer of security to the Linux server.

SSH passwordless login setup steps

  1. First, we generate an SSH key pair on our own Linux system: a private key and a public key. The private key stays on our own Linux system.
  2. Then we upload the public key to the Linux server. After that we can log in via SSH without a password. An SSH key is like your proof of identity.

1 Generate SSH keys and public keys on your own Linux system

Open a terminal and run the ssh-keygen command below to generate an RSA private key and public key. The -t option specifies the key type, here RSA.

ssh-keygen -t rsa

RSA is also the default key type, so you can also just enter ssh-keygen. The default RSA key length is 2048 bits. If you are very security-conscious, you can specify a length of 4096 bits.

ssh-keygen -b 4096 -t rsa

While the key pair is being generated, you will be asked for a file in which to save the key. Just press Enter to use the default file. You are then asked for a password (passphrase), which is used to encrypt your private key. The password must be at least 20 characters long. The private key is saved in the .ssh/id_rsa file in your home directory, and the public key in the .ssh/id_rsa.pub file.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/matrix/.ssh/id_rsa):  Press Enter
Enter passphrase (empty for no passphrase):   Enter a password
Enter same passphrase again:   Enter the password again
Your identification has been saved in /home/matrix/.ssh/id_rsa.
Your public key has been saved in /home/matrix/.ssh/id_rsa.pub.
The key fingerprint is:
e1:dc:ab:ae:b6:19:b0:19:74:d5:fe:57:3f:32:b4:d0 matrix@vivid
The key's randomart image is:
+---[RSA 4096]----+
| .. |
| . . |
| . . .. . |
| . . o o.. E .|
| o S ..o ...|
| = ..+...|
| o . . .o .|
| .o . |
| .++o |
+-----------------+

If you look at the .ssh/id_rsa file, you will see that it is encrypted, using the password you entered.

less .ssh/id_rsa

 

2 Upload the SSH public key to the Linux server

This can be done using the ssh-copy-id command.

ssh-copy-id username@remote-server

 

After entering the password of the remote user, the SSH public key will be automatically uploaded. The SSH public key is stored in the .ssh/authorized_keys file on the remote Linux server.

After the upload is completed, you no longer need to enter the remote user's password for SSH login. However, the first time you log in with the SSH key, you need to enter the password that encrypts the key once. (You only need to enter it once; after that you are logged in automatically and are not asked for the key's password again.)

There is no need to enter a password when using the scp command to transfer files.
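A check worth running once both steps are done, as an added example that is not part of the original tutorial: the script below audits the files those steps create (the private key such as id_rsa, and authorized_keys) for permissions that OpenSSH rejects and for a private key saved without a passphrase. The function names are made up for this example, and it assumes GNU stat and base64 as found on Linux.

```shell
#!/bin/sh
# Added example: audit the key files this tutorial creates under ~/.ssh.
# Assumes GNU stat (stat -c %a) and base64, as shipped on Linux.

# Succeed when file $1 grants any permission bit in octal mask $2.
has_bits() { [ $(( 0$(stat -c %a "$1") & 0$2 )) -ne 0 ]; }

# Succeed when private key file $1 is protected by a passphrase.
key_is_encrypted() {
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        # New format: "openssh-key-v1\0", a 4-byte length, then the cipher
        # name. A cipher of "none" at byte offset 19 means no passphrase.
        cipher=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
                 dd bs=1 skip=19 count=4 2>/dev/null)
        [ "$cipher" != "none" ]
    else
        # Legacy PEM and PKCS#8 keys are marked ENCRYPTED in their header.
        grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED)' "$1"
    fi
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Audit directory $1; print findings and return non-zero if there are any.
audit_ssh_dir() {
    dir=$1; findings=0
    # sshd (StrictModes) ignores authorized_keys when the directory or the
    # file is writable by group or others.
    for path in "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        if has_bits "$path" 022; then note "$path is group/world-writable"; fi
    done
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        # The ssh client refuses a private key that group or others can access.
        if has_bits "$key" 077; then note "$key is open to group/others"; fi
        if ! key_is_encrypted "$key"; then note "$key has no passphrase"; fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit_ssh.sh ~/.ssh   (run it on the client and on the server)
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

The loop covers every id_* private key in the directory, not only the id_rsa file used in this tutorial.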

SSH Key knowledge

The Linux system has a keyring management program. The keyring is protected by the user's login password. When you log in to the Linux system, the keyring is unlocked automatically, allowing you to access it. Passwords for SSH keys can also be stored in the keyring. Therefore, when you use an SSH key to log in to a remote Linux server for the first time, you need to enter the password of the SSH key once. In the future, you will no longer need to enter a password when logging in using an SSH key. The keyring program for Ubuntu is seahorse.

An SSH key is like your proof of identity. The remote Linux server uses the SSH public key you generated to encrypt a message, and only your SSH private key can decrypt the message. Therefore, if others do not have your private key, they will not be able to decrypt the encrypted message, and thus they will not be able to log in to your Linux server.

Setting up SSH passwordless login is that simple.
