Why Use SSH Passwordless Authentication?
SSH (Secure Shell) is the foundation of modern remote system administration. While password-based authentication is easy to start with, it introduces serious risks:
- Vulnerable to brute-force attacks
- Inconvenient for automation and scripting
- Difficult to manage securely at scale
Key-based (passwordless) authentication solves these problems by using asymmetric cryptography, providing stronger security and seamless automation.
How SSH Key Authentication Works
SSH key authentication relies on a cryptographic challenge-response mechanism rather than transmitting secrets over the network.
- Private Key: Stored only on the client machine. Never share or copy this file.
- Public Key: Stored on the server in a trusted list.
- Authentication Flow:
  - The server encrypts a challenge using the public key.
  - Only the matching private key can decrypt it, proving identity without revealing the key itself.
  - No passwords are exchanged at any stage.
Step 1: Generate an SSH Key Pair
On your local Linux machine, generate a strong RSA key pair:
ssh-keygen -t rsa -b 4096 -C "admin@vxworks.net"
Key Generation Notes
- Storage Location: Press Enter to accept the default (~/.ssh/id_rsa)
- Passphrase (Optional):
  - Leave empty for fully passwordless automation
  - Use a passphrase for extra security (recommended with ssh-agent)
Verify Key Files
ls ~/.ssh/
# id_rsa → private key
# id_rsa.pub → public key
Step 2: Install the Public Key on the Server
The remote server must store your public key in its trusted key list.
Method A: Automatic (Recommended)
ssh-copy-id user@remote_host
This command:
- Creates ~/.ssh if missing
- Sets correct permissions
- Appends the key safely
Method B: Manual Installation
Display your public key:
cat ~/.ssh/id_rsa.pub
On the remote server, run:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "ssh-rsa AAAAB3Nza...[your_key]..." >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Mandatory Permission Rules (Critical)
SSH will refuse key authentication if permissions are too permissive.
| Path | Required Permission | Command |
|---|---|---|
| ~/.ssh/ | 700 (drwx------) | chmod 700 ~/.ssh |
| authorized_keys | 600 (-rw-------) | chmod 600 ~/.ssh/authorized_keys |
| id_rsa (private key) | 600 (-rw-------) | chmod 600 ~/.ssh/id_rsa |
Incorrect permissions are the #1 cause of passwordless login failure.
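One way to check a directory against the permission table above, as an added example that is not part of the original article. It assumes GNU `stat` on Linux and the default key name `id_rsa` used on this page; `check_mode` and `audit_ssh_dir` are illustrative names.

```sh
#!/bin/sh
# Added example: audit an SSH directory against the permission table above.
# Assumptions: GNU coreutils `stat -c` (Linux) and the key file name id_rsa.
# Usage after sourcing this file: audit_ssh_dir ~/.ssh

# check_mode PATH EXPECTED
# Prints one line per path; returns 1 if the octal mode differs from EXPECTED.
check_mode() {
    path=$1
    expected=$2
    # A file that does not exist is not a permission finding.
    [ -e "$path" ] || return 0
    actual=$(stat -c '%a' "$path")
    if [ "$actual" != "$expected" ]; then
        echo "FAIL $path: mode $actual, expected $expected (fix: chmod $expected $path)"
        return 1
    fi
    echo "ok   $path: mode $actual"
}

# audit_ssh_dir [DIR]
# Checks DIR (default ~/.ssh), authorized_keys and id_rsa against the table.
# The return status is the number of paths whose mode does not match.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    check_mode "$dir" 700 || bad=$((bad + 1))
    check_mode "$dir/authorized_keys" 600 || bad=$((bad + 1))
    check_mode "$dir/id_rsa" 600 || bad=$((bad + 1))
    return "$bad"
}
```

Run it on the client for `id_rsa` and on the server for `authorized_keys`; a non-zero status means at least one path needs the `chmod` shown in the output.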
Simplify Logins with SSH Config
To avoid typing long commands repeatedly, define connection aliases.
Edit your local SSH config:
nano ~/.ssh/config
Add:
Host my-server
    HostName 192.168.1.100
    User admin
    IdentityFile ~/.ssh/id_rsa
Now connect with:
ssh my-server
Troubleshooting Common Issues
- Still prompted for password? Check /etc/ssh/sshd_config on the server:
  PubkeyAuthentication yes
- Connection refused? Ensure port 22 (or your custom SSH port) is open in the firewall.
- Verbose debugging:
  ssh -v user@remote_host
  This shows exactly where authentication fails.
Key Takeaways
- SSH key authentication is more secure than passwords
- Correct file permissions are mandatory
- Ideal for automation, CI/CD, and remote administration
- SSH config files dramatically improve usability
Passwordless SSH is not just a convenience; it is a best practice for any serious Linux environment.