SSH: Passwordless Authentication
ssh is an amazing protocol, and the beauty of it lies not only in its cryptographic security but also in ease of usage. One of the most unique features of ssh is to use it without using password, generally referred to as
passwordless authentication or
Key based authentication
This in general provides, a better security model as the keys cannot be bruteforced (they can be but bruteforcing them would need a very powerful machine and a VERY long time.)
1. Allows Secure way of logging into your machine
2. Prevents password misuse or remembering of the passwords in general
3. Eases the process of utilizing ssh for scripting from client side
4. Enhances Security in the long run.
Enabling Passwordless Authentication
So suppose that the machine you want to securely authenticate with is:
email@example.com and password is
then from the client machine (your machine through which you are connecting to vps) there are in general three ways to transfer your ssh keys:
ssh-copy-id command (Only works on few linux distros)
For this, all you need to do is
ssh-copy-id firstname.lastname@example.org then enter your password, and ssh again and it will not ask password again.
2. Copying using ssh
Well, this is slightly manual method, but basically you copy paste it to the remote machine and provide password.
cat ~/.ssh/id_rsa.pub | email@example.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
3. Manually Copying by sshing into the server
Technically same method as above, but instead of a string of pipes and ssh, you manually copy paste the passwords in `~/.ssh/authorized_keys`
Disabling Password authentication
This is important as so far, we have enabled password less auth, but we have not disabled the password login, this basically defeats the purpose of security as the others can still try to brute force your passwords.
So as to do that, edit
/etc/ssh/sshd_config and add
PasswordAuthentication no ChallengeResponseAuthentication no
kill -HUP `cat /var/run/sshd.pid` # Notice the ` before cat and after pid.