Passwordless SSH logins on Linux

You Shall Not Password - Password-less SSH login

Passwordless SSH logins offer vast security improvements over standard password login. Additionally, once set up, passwordless logins offer the convenience of not having to enter a password when logging in from the same system.


Configure OpenSSH

Open the configuration file.

sudo nano /etc/ssh/sshd_config


Uncomment and/or modify the desired lines in the configuration file, then save.

PermitRootLogin no
PubkeyAuthentication yes
RSAAuthentication yes

Root login is controlled with the PermitRootLogin keyword: yes to allow, no to disallow, and without-password to allow only with public key authentication. This should almost always be set to no for security purposes. Root access can still be gained with the sudo or su commands.

By default passwordless logins will fail because the relevant keywords are commented out. Enable PubkeyAuthentication by uncommenting the line and verifying it is set to yes. If using RSA encryption, the RSAAuthentication keyword should be set to yes; otherwise set it to no, or leave it commented out as it is by default.


Set up passwordless SSH login

Generate the RSA keys.

ssh-keygen -t rsa -b 2048


Change the passphrase of the private key if or when needed.

ssh-keygen -p


Copy the public key to the remote server.

ssh-copy-id -p 22 username@remote-host

Enter the password of the remote system’s user when prompted. If using shared hosting, the username should be the root account that was created when the service was first activated. This should be the same as the default FTP account, though the password can and likely will differ. The port can be specified with the -p argument; otherwise it will default to port 22.


Configure passwordless SSH login

Verify that only the expected keys were added on the remote system.

ssh username@remote-host "cat ~/.ssh/authorized_keys"


Set permissions on the key file in case they are incorrect.

ssh username@remote-host "chmod 600 ~/.ssh/authorized_keys"


Set permissions on the SSH directory.

ssh username@remote-host "chmod 700 ~/.ssh"


Set permissions on the user's home directory.

ssh username@remote-host "chmod 700 ~/"


Login with SSH

Log in to the remote server from Linux.

ssh username@remote-host

Enter the passphrase used when creating the key with ssh-keygen. If a password is still required, verbose output can be enabled by adding the -v argument to help troubleshoot the cause.


When permissions are incorrect, the error "Remote: Ignored authorized keys: bad ownership or modes for directory /home/username/.ssh" will be shown in the verbose output. This error will prevent passwordless logins. Permissions need to be set correctly on the ~/.ssh/authorized_keys file, the ~/.ssh directory and even the ~/ directory for key-based login to work.
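
The following script is an added example, not part of the original page. Run on the remote server, it audits the three paths named above and flags the two conditions behind the "bad ownership or modes" error: a path not owned by the user or root, or one that is writable by group or others. The function names check_path and audit_ssh_perms are hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat on Linux.
# check_path and audit_ssh_perms are hypothetical helper names.

# check_path PATH RECOMMENDED_MODE UID -> returns 1 if PATH would block key login
check_path() {
    path=$1; want=$2; uid=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u' "$path")
    # Owned by someone other than the user or root: "bad ownership".
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "FAIL    $path owned by uid $owner, expected $uid"
        return 1
    fi
    # Writable by group or others (octal mask 022): "bad modes".
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL    $path mode $mode is group/other-writable; use chmod $want"
        return 1
    fi
    if [ "$mode" != "$want" ]; then
        echo "NOTE    $path mode $mode differs from the $want used above"
    else
        echo "OK      $path mode $mode"
    fi
    return 0
}

# audit_ssh_perms HOME_DIR [UID] -> returns 0 only if all three paths pass
audit_ssh_perms() {
    home=$1; uid=${2:-$(id -u)}; failures=0
    check_path "$home" 700 "$uid" || failures=$((failures + 1))
    check_path "$home/.ssh" 700 "$uid" || failures=$((failures + 1))
    check_path "$home/.ssh/authorized_keys" 600 "$uid" || failures=$((failures + 1))
    echo "$failures problem(s) found"
    [ "$failures" -eq 0 ]
}

# Run against a home directory given as the first argument, e.g. ./audit.sh "$HOME"
if [ "$#" -gt 0 ]; then
    audit_ssh_perms "$1"
fi
```

A NOTE line means the mode is stricter or looser than the value used on this page without being group- or other-writable, so it does not by itself cause the error.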