Set Up Password-less Authentication for SSH

This is done on local machine by running

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This command prompts for passphrase, create one if wanted or leave empty.

When done, a file is created with the name id_rsa.pub in the .ssh folder in home directory

/Users/USER/.ssh/id_rsa.pub

Example of the path to the SSH key

File contents can be viewed through Nano, Vim, or VSCode (if installed on local system and added to PATH)

code /Users/USER/.ssh/id_rsa.pub
# OR
vim /Users/USER/.ssh/id_rsa.pub
# OR
nano /Users/USER/.ssh/id_rsa.pub

The key can be viewed there and copied to the remote machine.

The easiest way of copying this key to a remote machine is by running

ssh-copy-id [email protected]

Whereas root is the username on remote machine and 1.2.3.4 is its IP address.

This should copy the key to the remote machine and set up password-less authentication and you’re ready to go.

For an extra layer of security and to stop brute-force attacks on server. Password authentication can be disabled

The following file can be edited on the remote machine with any text editor

nano /etc/ssh/sshd_config

The following directives should be changed to these values

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Then restart SSH service

sudo systemctl restart ssh

And we’re done!