To make SSH passwordless and allow only key-based authentication (no password authentication), you'll need to perform the following steps:
- Generate an SSH Key Pair (if not already done):
If you haven't already generated an SSH key pair, you can do so with the following command on your local machine:
ssh-keygen -t rsa -b 4096
This will create an SSH key pair in your ~/.ssh
directory, typically named id_rsa
(private key) and id_rsa.pub
(public key).
- Copy the Public Key to the Remote Server:
Use the ssh-copy-id
command to copy your public key to the remote server. Replace username
with your username on the remote server and remote_server_ip
with the server's IP address or hostname:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@remote_server_ip
You'll be prompted to enter your remote server password for this step.
- Disable Password Authentication on the Remote Server:
To ensure that only key-based authentication is allowed, you should disable password authentication on the remote server. Edit the SSH server configuration file on the remote server with a text editor. You can use nano
, vim
, or any text editor you prefer:
sudo nano /etc/ssh/sshd_config
Find the following line:
#PasswordAuthentication yes
Uncomment it (remove the #
) and change it to:
PasswordAuthentication no
Save and exit the text editor.
- Restart the SSH Service:
To apply the changes, restart the SSH service on the remote server:
sudo systemctl restart ssh
- Test SSH Login:
Try to SSH into the remote server from your local machine. It should now only allow key-based authentication and not prompt for a password:
ssh username@remote_server_ip
You should be able to log in without a password.
By following these steps, you've configured SSH to allow only key-based authentication and disabled password authentication on the remote server, making SSH passwordless for your login sessions.
Top comments (0)