SSH: Passwordless Authentication

ssh is an amazing protocol, and its beauty lies not only in its cryptographic security but also in its ease of use. One of its most distinctive features is the ability to log in without a password, generally referred to as passwordless authentication or key-based authentication.

In general this provides a better security model, as the keys cannot be brute-forced (they can be, but brute-forcing them would need a very powerful machine and a VERY long time).

Uses

1. Allows a secure way of logging into your machine

2. Prevents password misuse and removes the need to remember passwords in general

3. Eases the use of ssh for scripting from the client side

4. Enhances security in the long run

Enabling Passwordless Authentication

So suppose that the machine you want to securely authenticate with is:

testuser@testuser.host.ircnow.org and password is test123

then from the client machine (the machine from which you connect to the VPS) there are, in general, three ways to transfer your ssh public key:

1. Using the ssh-copy-id command (only works on a few Linux distros)

  For this, all you need to do is run ssh-copy-id testuser@testuser.host.ircnow.org and enter your password. When you ssh in again, it will no longer ask for the password.

2. Copying using ssh

  This is a slightly more manual method: you pipe the public key over ssh, append it to authorized_keys on the remote machine, and provide your password when asked.

  cat ~/.ssh/id_rsa.pub | ssh testuser@testuser.host.ircnow.org "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

3. Manually Copying by sshing into the server

  Technically the same method as above, but instead of a string of pipes and ssh, you log in and manually copy and paste the contents of your public key (~/.ssh/id_rsa.pub on the client) into `~/.ssh/authorized_keys`

Disabling Password authentication

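This is important: so far we have enabled passwordless auth, but we have not disabled password login. That defeats the security purpose, as others can still try to brute force your password. Confirm that key-based login works in a separate session before making this change, so that a mistake does not lock you out.

To do that, edit /etc/ssh/sshd_config (the server configuration; /etc/ssh/ssh_config only configures the client) and add

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Then make sshd re-read its configuration:

kill -HUP `cat /var/run/sshd.pid`
# Notice the ` before cat and after pid.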
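
The check below is an added example, not part of the original page: it reads an sshd_config-style file and reports the value sshd would use for the three keywords above. sshd keeps the first value it reads for a keyword, so lines appended below an earlier `PasswordAuthentication yes` have no effect. The function names, the constructed sample file and the upstream OpenSSH defaults used for unset keywords are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and unset keywords fall back to built-in defaults.
# Limits (assumptions): Include files are not followed, and parsing stops at
# the first Match block, so only global settings are reported.

# effective_value "name1|name2" DEFAULT FILE -> prints the value sshd would use
effective_value() {
    awk -v want="|$1|" -v def="$2" '
        BEGIN { want = tolower(want); val = def }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next      # blank line or comment
            split(line, f, /[ \t=]+/)                # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit                 # global section ends here
            if (!found && index(want, "|" key "|")) { val = tolower(f[2]); found = 1 }
        }
        END { print val }
    ' "$3"
}

# audit_sshd_config FILE -> prints the three settings; returns 1 if any is not "no"
audit_sshd_config() {
    rc=0
    # name(s):default ; newer OpenSSH spells ChallengeResponseAuthentication
    # as KbdInteractiveAuthentication, so both names count as one keyword.
    for spec in "PasswordAuthentication:yes" \
                "ChallengeResponseAuthentication|KbdInteractiveAuthentication:yes" \
                "UsePAM:no"; do
        names=${spec%%:*}
        v=$(effective_value "$names" "${spec##*:}" "$1")
        echo "${names%%|*} $v"
        [ "$v" = "no" ] || rc=1
    done
    return $rc
}

# Constructed sample: the three lines were appended below an existing "yes".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' 'UsePAM no' > "$sample"
audit_sshd_config "$sample" || echo "password logins are still possible"
rm -f "$sample"
```

On the server itself, `sshd -T` (run as root) prints the configuration sshd actually resolved, including Include files that this sketch does not follow.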