Managing many Linux hosts means keeping track of a large number of login passwords. Logging in to servers with an SSH key pair solves this problem. The steps below set up passwordless SSH login with a key pair. One key pair can be used for all servers.
- Use ssh-keygen to create the public and private keys for logging into remote SSH servers.
ssh-keygen -t [rsa|dsa] -C "comments"
-t selects the key type, RSA or DSA
-C is optional and adds a comment to the key
After pressing enter, two files will be created in the ~/.ssh directory: id_dsa (private key) and id_dsa.pub (public key). Make sure to securely store the private key.
Copy the public key to the corresponding user's ~/.ssh/ directory on the server.
Execute the following command in the ~/.ssh/ directory of the server user:
cat id_dsa.pub >> authorized_keys
The first time, when authorized_keys has just been created, also run:
chmod 600 authorized_keys
Note that for security reasons, authorized_keys must have 600 permissions.
- Open /etc/ssh/sshd_config and confirm that SSHD's public key authentication mode is enabled:
# Allow public key authentication. Only applicable for SSH-2.
PubkeyAuthentication yes|no # Enable for SSH-2
# Allow pure RSA public key authentication. Only applicable for SSH-1.
RSAAuthentication yes|no # Enable for SSH-1
- Exit the remote server and try logging in again:
- Modify /etc/ssh/sshd_config to disable password authentication for SSHD if needed:
Allow password-based authentication.
Allow challenge-response authentication.
- For macOS systems, configure SSH connections locally by opening ~/.ssh/config and editing the file. If it doesn't exist, create a new file.
Set preferred authentication method to public key
Set the location of the private key file
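To check the server-side result of the steps above, the following added example (not part of the original page) audits an sshd_config file and an authorized_keys file for the end state described: public key authentication on, password and challenge-response authentication off, and authorized_keys at mode 600. The function names and sample files are constructed for illustration; PasswordAuthentication and ChallengeResponseAuthentication are the standard OpenSSH keywords for the two settings the page describes without naming.

```shell
#!/bin/sh
# Added example: audit the end state of the steps on this page.
# On a live host, `sshd -T` (run as root) prints the authoritative values.

# Effective global value of an sshd_config keyword. sshd uses the FIRST
# occurrence; keywords are case-insensitive. Parsing stops at the first
# Match block, and the "Keyword=value" spelling is not handled (assumption).
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Octal mode of a path: GNU stat first, BSD/macOS stat as fallback.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# Return 0 only if key login is enabled, password-style logins are off and
# authorized_keys has mode 600. Prints one FAIL line per finding.
audit_key_login() {  # usage: audit_key_login SSHD_CONFIG AUTHORIZED_KEYS
    rc=0
    [ "$(sshd_value "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL PubkeyAuthentication is not yes"; rc=1; }
    # Newer OpenSSH names the second keyword KbdInteractiveAuthentication.
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        [ "$(sshd_value "$1" "$kw" yes)" = no ] ||
            { echo "FAIL $kw is not no"; rc=1; }
    done
    [ "$(mode_of "$2")" = 600 ] ||
        { echo "FAIL $2 mode is $(mode_of "$2"), want 600"; rc=1; }
    return $rc
}

# Demo on constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$demo/sshd_config"
: > "$demo/authorized_keys" && chmod 600 "$demo/authorized_keys"
audit_key_login "$demo/sshd_config" "$demo/authorized_keys" && echo "PASS"
rm -rf "$demo"
```

Run the audit before closing the session in which password login was disabled, so that a failed check can still be fixed from that session.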