Passwordless SSH logins offer vast security improvements over standard password login. Additionally once setup passwordless logins offer a convenience of not having to enter a password when logging in from the same system.
Open the configuration file.
sudo nano /etc/ssh/sshd_config
Uncomment and or modify the desired lines in the configuration file and save.
PermitRootLogin no PubkeyAuthentication yes RSAAuthentication yes
Root login can be controlled with
yes to allow,
no to disallow and
without-password to allow only with public key authentication. This should be set to
no in almost always for security purposes. Root access can still be gained with the use of
By default passwordless logins will fail because the relevant keywords are commented. Enable
PubkeyAuthentication by uncommenting the line and verifying it is set to
yes. If using rsa encryption
RSAAuthentication argument should be set to
yes otherwise to
no or it can be left commented out as it is by default.
Setup Passwordless SSH login
Generate the RSA keys.
ssh-keygen -t rsa -b 2048
Change the passphrase of the private key if or when needed.
Copy the key to remote server.
ssh-copy-id [email protected] -p 22
Enter the password of the remote system’s user when prompted. If using shared hosting the username should be the root account that was created when the service was first activated. This should be the same as the default ftp account though the password can and likely will differ. The port can be specified with the
-p argument otherwise it will default to port
Configure passwordless SSH login
Verify that only the expected keys were added on the remote system.
ssh [email protected] "cat ~/.ssh/authorized_keys"
Set permissions on the key file in case they are incorrect.
ssh [email protected] "sudo chmod 600 ~/.ssh/authorized_keys"
Set permissions on the SSH directory.
ssh [email protected] "chmod 700 ~/.ssh"
Set permission on the user home directory.
ssh [email protected] "chmod 700 ~/"
Login with SSH
Login to the remote server from Linux.
Enter the passphrase used when creating the key with ssh-keygen. If a password is still required verbose output can be enabled by adding the
-v argument to help troubleshoot the cause.
When permissions are incorrect a
Remote: Ignored authorized keys: bad ownership or modes for directory /home/username/.ssh error will be shown in the verbose output. This error will prevent passwordless logins. Permissions need to be set correctly on the
~/.ssh/authorized_keys file as well as
~/.ssh directory and even
~/ directory for the key based login to work.