@brandonsimpson
Last active August 29, 2015 14:02

### Passwordless SSH logins with private key authentication

1. On your local machine, create your ssh key files

    Run `ssh-keygen -t rsa` as your local user, accepting all the defaults and setting no password. This creates the private key associated with your computer and a public key file (`~/.ssh/id_rsa.pub`) to be shared later.

2. Log in to the remote server and make sure RSA Authentication and Public Key Authentication are on

    ```
    $ ssh user@remotehost
    ```

    Edit sshd_config (`sudo vi /etc/ssh/sshd_config`) and make sure you have the following lines:

    ```
    RSAAuthentication yes
    PubkeyAuthentication yes
    ```

    Then reload the ssh service if you made changes:

    ```
    $ sudo /etc/init.d/sshd reload
    ```

3. Add your new user on the remote server

    ```
    $ sudo adduser <your username>
    ```

    Note: `adduser` creates the user's /home dir and password. See also `useradd` and `passwd` to create users without /home directories.

    To add sudo privileges for the new user, run:

    ```
    $ sudo adduser <your username> sudo
    ```

4. Set up the new user's .ssh directory and authorized_keys file:

    ```
    $ su <username>
    $ cd ~
    $ mkdir .ssh
    $ chmod 700 .ssh
    $ touch .ssh/authorized_keys
    $ chmod 600 .ssh/authorized_keys
    $ exit
    $ exit
    ```

5. From your local machine, copy your local id_rsa.pub file into your remote server's authorized_keys

    ```
    $ cat ~/.ssh/id_rsa.pub | ssh username@remote 'cd .ssh; cat >> authorized_keys;'
    ```

    or with ssh username / port defined:

    ```
    $ cat ~/.ssh/id_rsa.pub | ssh -l <your username> <remote_server_address> -p 2222 'cd .ssh; cat >> authorized_keys;'
    ```

6. Now you can log in to the remote server via ssh without a password prompt:

    ```
    $ ssh -l <your username> <remote_server_address> -p <ssh_port>
    ```

---

#### Root access:

If the user was set up with sudoer rights, you can now manage the server with your own login and never need to log in as root to run root commands. If you still need to log in as root, log in as your user, then type `su -` and enter the root password.

#### Disable remote root ssh access:

If everything is set up correctly, and you have no problem logging in to the remote server as your own ssh user, you can then disable remote root ssh access for security.

Edit sshd_config again (`sudo vi /etc/ssh/sshd_config`) and change the following line:

```
PermitRootLogin yes
```

to:

```
PermitRootLogin no
```


Then save the new sshd_config file, and reload the ssh service again:

```
$ sudo /etc/init.d/sshd reload
```
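
The end state of this guide (`PubkeyAuthentication` on, `PermitRootLogin no`, and the 700/600 modes from step 4) can be checked with a small script. This is an added example, not part of the original gist: the function names are hypothetical, the fixture is constructed, and it assumes an sshd_config without `Include` files.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not OpenSSH tools.

# Print the effective value of keyword $2 in sshd_config file $1.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Assumption: no Include files; Match blocks are ignored.
sshd_effective() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# True only if path $1 exists with exactly octal mode $2.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Audit config file $1 and home directory $2: one line per finding,
# exit status 0 when clean and 1 otherwise.
audit() {
    rc=0
    if [ "$(sshd_effective "$1" PubkeyAuthentication)" = "no" ]; then
        echo "PubkeyAuthentication is disabled"; rc=1
    fi
    if [ "$(sshd_effective "$1" PermitRootLogin)" != "no" ]; then
        echo "PermitRootLogin is not set to no"; rc=1
    fi
    has_mode "$2/.ssh" 700 || { echo ".ssh is missing or not mode 700"; rc=1; }
    has_mode "$2/.ssh/authorized_keys" 600 ||
        { echo "authorized_keys is missing or not mode 600"; rc=1; }
    return $rc
}

# Constructed fixture: "PermitRootLogin no" is shadowed by an earlier
# "yes", and authorized_keys is group-writable.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/.ssh" && chmod 700 "$d/home/.ssh"
    : > "$d/home/.ssh/authorized_keys"
    chmod 664 "$d/home/.ssh/authorized_keys"
    printf '%s\n' '#PermitRootLogin no' 'PubkeyAuthentication yes' \
        'permitrootlogin yes' 'PermitRootLogin no' > "$d/sshd_config"
    echo "$d"
}

fx=$(make_fixture) && { audit "$fx/sshd_config" "$fx/home" || true; }
rm -rf "$fx"
```

To check a real host, call `audit /etc/ssh/sshd_config "$HOME"` as the new user; `sudo sshd -t` additionally validates the edited file's syntax before a reload.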
