Understanding the Process
Before we start, it's essential to understand that we're creating a secure channel between your desktop and server. This involves:
- Generating a key pair: A public key and a private key.
- Copying the public key to the server.
- Configuring the server to trust this public key.
Step-by-Step Guide
1. Generate an SSH Key Pair on Your Desktop
- Open a terminal on your Linux desktop.
- Generate a new SSH key pair using the following command:
$ ssh-keygen -t rsa
- You'll be prompted to enter a file location. Press Enter to accept the default.
- You'll be asked for a passphrase. For simplicity, press Enter to create a key without a passphrase. Warning: This reduces security. Consider using a strong passphrase.
2. Locate the Public Key
The public key is typically located at ~/.ssh/id_rsa.pub. You can view its contents using:
$ cat ~/.ssh/id_rsa.pub
This public key should be copied to your remote server. We won't copy this public key manually, but use the ssh-copy-id commend in the next step.
3. Copy the Public Key to the Server
Use the ssh-copy-id command to securely copy the public key to the remote server:
$ ssh-copy-id user@server_ip
- Replace user with your username on the server.
- Replace server_ip with the server's IP address or hostname.
- You'll be prompted for the server's password.
4. Test the Passwordless Login
Try to log in to the server without a password:
$ ssh user@server_ip
Additional Considerations
- Security: While convenient, passwordless SSH without a passphrase is less secure. Consider using a strong passphrase or enabling two-factor authentication for added protection.
- SSH Agent: For multiple SSH connections, consider using an SSH agent to manage your private keys. This avoids repeated passphrase entry.
- Permissions: Ensure correct permissions on the .ssh directory and files. Use chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_rsa* for strict permissions.
- Key Management: Regularly review and revoke keys if necessary.
- Disabling Password Login (Optional): For enhanced security, consider disabling password login in the server's SSH configuration file (/etc/ssh/sshd_config). Uncomment the line PasswordAuthentication no and restart the SSH service.
Remember: Treat your private key like a password. It grants full access to your server. Protect it accordingly.
This is how simple is it to setup a password less login to remote server from your desktop Linux box. You've established a secure and efficient way to access your Linux server without typing passwords.