### Passwordless SSH logins with private key authentication
1. On local machine, create your ssh key files

Run
```
$ ssh-keygen -t rsa
```
as your local user, and accept all defaults with no passphrase. This will create your private key associated with your computer and a public key (~/.ssh/id_rsa.pub) file to be shared later.
2. Login to remote server and make sure RSA Authentication and Public Key Authentication are on
```
$ ssh user@remotehost
```
Edit sshd_config (`sudo vi /etc/ssh/sshd_config`) and make sure you have the following lines:
```
RSAAuthentication yes
PubkeyAuthentication yes
```
then reload ssh service if you made changes
```
$ sudo /etc/init.d/sshd reload
```
3. Add your new user on the remote server
```
$ sudo adduser <your username>
```
Note: adduser creates the user's /home dir and password. See also useradd and passwd to create users without /home directories.

To add sudo privileges for the new user run:
```
$ sudo adduser <your username> sudo
```
4. Set up the new user's .ssh directory and authorized_keys file:
```
$ su <username>
$ cd ~
$ mkdir .ssh
$ chmod 700 .ssh
$ touch .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ exit
$ exit
```
5. From local machine, copy your local id_rsa.pub file into your remote server authorized_keys
```
$ cat ~/.ssh/id_rsa.pub | ssh username@remote 'cd .ssh; cat >> authorized_keys;'
```
or with ssh username / port defined:
```
$ cat ~/.ssh/id_rsa.pub | ssh -l <your username> <remote_server_address> -p 2222 'cd .ssh; cat >> authorized_keys;'
```
6. Now you can login to the remote server via ssh without a password prompt:
```
$ ssh -l <your username> <remote_server_address> -p <ssh_port>
```
---
#### Root access:
If the user was set up to have sudoer rights, you can now manage the server with your login and never need to login as root to run root commands. If you still need to login as root, you can login as your user, then type `su -` and enter the root password to login.
#### Disable remote root ssh access:
If everything is set up correctly, and you have no problem logging in as your own ssh user to the remote server, you can then disable remote root ssh access for security.

Edit sshd_config again (`sudo vi /etc/ssh/sshd_config`) and change the following line:
```
PermitRootLogin yes
```
to:
```
PermitRootLogin no
```
Then save the new sshd_config file, and reload ssh service again:
```
$ sudo /etc/init.d/sshd reload
```
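
To confirm on the remote server that the settings and permissions from the steps above actually took effect, the following check can be used. It is an added example, not part of the original guide; the function names are hypothetical, and it assumes a single sshd_config file without Include directives.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Assumes one sshd_config file with no Include directives.

# Print the first global value of a keyword. sshd uses the first value it
# reads and keywords are case-insensitive; stop at the first Match block
# because settings below it are conditional.
sshd_setting() {  # usage: sshd_setting <keyword> <config file>
    awk -v key="$1" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Succeed only if the path exists and has no group/other permission bits,
# which holds for the 700 and 600 modes set in step 4.
owner_only() {  # usage: owner_only <path>
    [ -e "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding; return non-zero if anything failed.
audit_ssh_setup() {  # usage: audit_ssh_setup <sshd_config> <.ssh directory>
    rc=0
    # An absent PubkeyAuthentication line means the default (yes) applies.
    [ "$(sshd_setting PubkeyAuthentication "$1")" = "no" ] &&
        { echo "FAIL: PubkeyAuthentication is no"; rc=1; }
    [ "$(sshd_setting PermitRootLogin "$1")" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not set to no"; rc=1; }
    owner_only "$2" ||
        { echo "FAIL: $2 is missing or open to group/other"; rc=1; }
    owner_only "$2/authorized_keys" ||
        { echo "FAIL: $2/authorized_keys is missing or open to group/other"; rc=1; }
    [ -s "$2/authorized_keys" ] ||
        { echo "FAIL: $2/authorized_keys contains no keys"; rc=1; }
    return "$rc"
}

# Example: sh audit.sh /etc/ssh/sshd_config "$HOME/.ssh"
if [ "$#" -eq 2 ]; then
    audit_ssh_setup "$1" "$2"
fi
```

A duplicate keyword further down the file does not override an earlier one, which is why the check reads only the first occurrence.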