SSH Login Without a Password

John John (304)
5 minutes

There are a few reasons you might want to set up password-less login via SSH.

Manual login

For manual login, typing your password over and over is a pain—especially if you're doing this frequently.

Security

In general, password security is hard. You pretty much need to use a password manager to do it right, and if you're using the command line a lot, it can be a little bit cumbersome and time-consuming to look up passwords every time you need to log in to a remote machine.

Automated scripting

If your automated scripts need to log in to a remote machine, the only sensible solution is password-less login.

So in this guide, we're going to learn how to log in to a remote machine using SSH without a password using public key authentication.

Public key authentication

Public key authentication allows us to log in to a remote machine using a cryptographic key rather than a password. To configure public key authentication, we generate a key pair, upload the public key to the remote server, then use our private key to authenticate. Keep reading to learn how to set this up.

Posted in these interests:
h/linux41 guides
h/sysadmin12 guides

Before we get going, we need to get set up. So first, make sure you have access to a shell. On many unix platforms, you can use an app called Terminal, on Windows you can use PowerShell.

This may go without saying, but we must have a user configured (with SSH access) on a remote server. If you have a login user, make sure you know the username and password. For the remainder of this guide we'll use the following variables $USER and $PASSWORD to identify the credentials on the remote server. You can set these variables in your shell session to make copying and pasting these commands easier.

Obviously, replace the values with your own.

Linux + macOS
USER=remoteuser
PASSWORD=remotepassword
REMOTE=192.168.1.34
Windows

Before you can ssh into a server with PowerShell, you need to install OpenSSH. Open PowerShell as an administrator, and run the following command.

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
To remote into a server using ssh with PowerShell, run the following command with your username and server address. You don't need an administrator instance of PowerShell to complete this step.
ssh $USER@$REMOTE
You will be prompted for a password.

To get started, we'll need to generate SSH keys. I'll cover the basic instructions in this step, but you can follow the linked guide for more details.

Linux + macOS

Open a shell, and type the following:

ssh-keygen -t rsa

You'll be asked for a location and passphrase. Unless you need to do otherwise, just use the default location and skip the passphrase. Hit enter when both prompts appear to continue.

Windows

Open PowerShell and run the following:

ssh-keygen
The keys will be generated in the specified directory, usually C:\Users\Your_Username/.ssh. You will be prompted to create a passphrase, but it isn't required.

To add the keys to the local Windows 10 keystore, run the following:

Start-Service ssh-agent
ssh-add .\.ssh\id_rsa

Now we'll copy the public key to the remote server:

Linux + macOS
scp ~/.ssh/id_rsa.pub $USER@$REMOTE:
Windows

PowerShell doesn't have a file transfer protocol built into it. You will need to move the public key to the remote server using a third-party application like PuTTY or WinSCP.

ssh $USER@$REMOTE

This should be the last time you have to enter your password.

Now we'll need to move the contents of our public key to a new location, and delete the original key file.

cat id_rsa.pub >> .ssh/authorized_keys
rm id_rsa.pub

You might need to create the .ssh directory. If so, run the following before the commands above:

mkdir .ssh

It's essential that .ssh and authorized_keys have the correct set of permissions, otherwise login will fail. The .ssh directory should be 700 (meaning the user has full permissions, while group and global users do not). The authorized_keys file should be 600 (meaning the user can read and write, but group and global users have no access).

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Now, our work is done, and we can log out.

logout

Next time you SSH in to this remote machine, you should not be prompted for a password!

ssh $USER@$REMOTE
John John (304)
5 minutes

There are many reasons you might want to access your Comcast Xfinity router. For instance, you may want to change your wireless password or set up port forwarding for a project you are working on.