Password less authentication

Imagine you have 100 Linux servers to manage, and you keep typing in passwords each time you log in to a server, and it would be a nightmare. Hence, most system administrators set up password-less authentication on Linux servers.

password less authentication

It is always a good practice to set up SSH keys for authentication, which is also known as password-less authentication.

How does password-less authentication work?

So you have 100’s of Linux servers. So what you will do is set up a Jump server and from there you will be able to login to any of the servers without a password.

What you will basically do is add the key of the jump server and add it to the production server. So whenever you do ssh server-production you won’t be asked for any password.

How to set up password-less authentication?

In our example below, we are server-a is our jump server and server-b is our production server. So we will be able to log in from server-a to server-b without being asked for a password.

  1. Login to server-a and generate SSH keys using the ssh-keygen command
[root@server-a /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/justgeek/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/justgeek/.ssh/id_rsa.
Your public key has been saved in /home/justgeek/.ssh/
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx root@server
The key's randomart image is:
+---[RSA 2048]----+
|    .      ..oo..|
|   . . .  . .o.X.|
|    . . o.  ..+ B|
|   .   o.o  .+ ..|
|    ..o.S   o..  |
|   . %o=      .  |
|    @.B...     . |
|   o.=. o. . .  .|
|    .oo  E. . .. |

So we have successfully generated keys and now we need to copy the public key to our production server that is server-b in this example.

2. SSH to server-b using normal authentication method.

Now append the key mentioned in /home/justgeek/.ssh/ on server-a to server-b in the file /home/justgeek/.ssh/authorized_keys

/home/justgeek/.ssh/authorized_keys on server-b will look something like this.

[root@server-b]$ cat /home/justgeek/.ssh/authorized_keys
ssh-rsa QFSJZPPFWWFa4sLrqXPNyY2gJWtef7ZBYFEc19sl6BjnhwMMRnBrcGX1JBlm3fWW8+DwmwrG73LEomYk5KZNKV1nCNjwhLCanmmZwv8R6TIOrMASV4aOIFvVWgYDlKfQsmqZFKQm2H5Pem7qUGdJ962I9ZeC8pqPwYPR2YMrWiffMBlBXfqhfjiZlxyhuPeBr2YwPEyPoJ1iSdMarG3HgbCTkcfYHn4L9RMLvN4wrgkN3n1b8ArR3JV7kg0IIvxAAYlTQaZtl0f70yLSSO0SI1ZTQryPC0hWCS5Uz5T12YtEC85ymYhA\4vOnKebfXhuCsiGiCY5zVWNfXBNdXcXyeUrqV9HyKtjHdpcH6iB7MNSiIRn5F74== justgeek@server-a

Note: Key mentioned above is just an example, it’s not a real key 🙂 If you don’t want to copy the key manually, then you can use the simple command to copy the key to server-b

[root@server-a /]# ssh-copy-id justgeek@server-b
justgeek@server-b's password:
X11 forwarding request failed on channel 0

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'server-b'"
and check to make sure that only the key(s) you wanted were added.

You are all set !! now just run ssh justgeek@server-b from server-a and you won’t be ever asked for the password.

This is more secure than using a password. Also, you should consider disabling direct root login to the server

Leave a Comment