SARPi Project - Slacking on a Raspberry Pi
SSH login without a password
Setting up SSH login without having to enter a password is relatively easy, convenient, and can save quite a bit of time in the long run. The reason(s) for doing so offers many benefits, and in most cases zero drawbacks.
For example, it can be a real headache if/when you've been locked out of a remote system due to entering the password incorrectly too many times. Or if/when you want to only allow known authorized keys and disable password authentication to a remote system. Such rationales, along with many other vindications, are why passwordless SSH login is always a good idea. This process can be achieved using only the command line in Slackware Linux.
For the purpose of this mini-project we will be using a Slackware AArch64 system with the hostname 'torq" and under the username 'dave'.
Generating a pair of authentication keys
The first thing to do is generate a pair of authentication keys. To ensure a strong encryption level for our keys, we'll do this using 4096-bit encryption. Like this:
When asked to enter a file in which to save the key, just hit the key to accept the default:
Enter file in which to save the key (/home/dave/.ssh/id_rsa):
Do the same for a passphrase, just hit the key each time to accept the default:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Now your private and public identification keys will be created. Here's the full output in the screenshot below:
NB: The 'id_rsa' file contains your private key. The 'id_rsa.pub' file contains your public key. The private key always resides on YOUR system and is never shared, that's why it's called the 'private' key. ONLY the public key is shared and/or copied to another system. Remember this and also to keep both these files in a very safe place, and make backups of them in case you lose them.
Copying public identification key to a remote system
With the identification keys generated and in place, it's now time to copy the public key to the system on which you intend to login via SSH. This is achieved with the 'ssh-copy-id' command.
The remote system on which we want to SSH login without a password has an IP address of '192.168.1.242' and the username we're logging in with is 'remote_userid'. Obviously you will specify the username and IP address or hostname of your own remote system here.
You'll receive some output asking you to confirm that this is what you wish to do. Just answer 'yes' when asked.
The authenticity of host '192.168.1.242 (192.168.1.242)' can't be established.
ED25519 key fingerprint is SHA256:jWohjMDTbzN8tsjGF7YuPyuPteswaTaNaTEQct41gj8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Then you'll be prompted to enter the password for the 'remote_userid' on the remote system.
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
(remote_userid@192.168.1.242) Password:
Once you've entered the correct password, your public key will be copied to the remote system into the '/home/remote_userid/.ssh/authorized_keys' file. Remember, the username and system you'll be dealing with will be completely different from the ones in this example.
Here's the full output from the 'ssh-copy-id' command in the screenshot below:
So far so good.
Logging in with SSH without using a password
To login via SSH on command line just do it the usual way. Only this time, after hitting the key, you will not be prompted to enter a login password.
As expected, it has worked perfectly and allowed us to login without any password because the identification keys took care of the authorisation process for us. Incidentally, the remote system IP address '192.168.1.242' has resolved to the system's 'kron' HOSTNAME after we've logged in. See the result(s) in the screenshot below:
As a final task, and in the interests of prudent security, check and change the permissions of the '.ssh' directory and 'authorized_keys' file on the remote system to ensure no other user(s) can access it.
remote_userid@kron:~$ chmod 640 .ssh/authorized_keys
Using the same identification keys, this passwordless login procedure can be achieved using Putty, OpenSSH, FileZilla, WinSCP, or any other client software which uses SSH login authentication.
Well done, if you have been successful. Entering passwords for SSH logins is not required any longer.
•
Thanks!
Thank you for reading and taking part in this SARPi mini-project. We hope you enjoyed it and found it interesting and educational.
Thanks also to Patrick Volkerding, and the entire Slackware Team, for producing a truly wonderful OS. Without you, and the work you do, the SARPi Project would not exist.
If you have any questions or need help, visit the Slackware Linux Forum on Linux Questions. Or get in touch on the #SARPi IRC channel on irc.libera.chat.
•