SARPi Project - Slackware ARM on a Raspberry Pi


SSH login without a password

Setting up SSH login without having to enter a password is relatively easy, convenient, and can save quite a bit of time in the long run. The reason(s) for doing so offers many benefits, and in most cases zero drawbacks.

For example, it can be a real headache if/when you've been locked out of a remote system due to entering the password incorrectly too many times. Or if/when you want to only allow known authorized keys and disable password authentication to a remote system. Such rationales, along with many other vindications, are why passwordless SSH login is always a good idea. This process can be achieved using only the command line in Slackware ARM.

For the purpose of this mini-project we will be using a Slackware ARM current system with the hostname 'torq" and under the username 'dave'.

Generating a pair of authentication keys

The first thing to do is generate a pair of authentication keys. To ensure a strong encryption level for our keys, we'll do this using 4096-bit encryption. Like this:

dave@torq:~$ ssh-keygen -b 4096

When asked to enter a file in which to save the key, just hit the ENTER key to accept the default:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/dave/.ssh/id_rsa):

Do the same for a passphrase, just hit the ENTER key each time to accept the default:

Created directory '/home/dave/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Now your private and public identification keys will be created. Here's the full output in the screenshot below:

NB: The 'id_rsa' file contains your private key. The 'id_rsa.pub' file contains your public key. The private key always resides on YOUR system and is never shared, that's why it's called the 'private' key. ONLY the public key is shared and/or copied to another system. Remember this and also to keep both these files in a very safe place, and make backups of them in case you lose them.

Copying public identification key to a remote system

With the identification keys generated and in place, it's now time to copy the public key to the system on which you intend to login via SSH. This is achieved with the 'ssh-copy-id' command.

The remote system on which we want to SSH login without a password has an IP address of '192.168.1.252' and the username we're logging in with is 'remote_userid'. Obviously you will use the IP address or hostname of your own remote system here.

dave@torq:~$ ssh-copy-id remote_userid@192.168.1.242

You'll receive some output asking you to confirm that this is what you wish to do. Just answer 'yes' when asked.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/dave/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.242 (192.168.1.242)' can't be established.
ED25519 key fingerprint is SHA256:jWohjMDTbzN8tsjGF7YuPyuPteswaTaNaTEQct41gj8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Then you'll be prompted to enter the password for the 'remote_userid' on the remote system.

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
(remote_userid@192.168.1.242) Password:

Once you've entered the correct password, your public key will be copied to the remote system into the '/home/remote_userid/.ssh/authorized_keys' file. Remember, the username and system you'll be dealing with will be completely different from the ones in this example.

Here's the full output from the 'ssh-copy-id' command in the screenshot below:

So far so good.

Logging in with SSH without using a password

To login via SSH on command line just do it the usual way. Only this time, after hitting the ENTER key, you will not be prompted to enter a login password.

dave@torq:~$ ssh remote_userid@192.168.1.242

As expected, it has worked perfectly and allowed us to login without any password because the identification keys took care of the authorisation process for us. Incidentally, the remote system IP address '192.168.1.242' has resolved to the system's 'kron' HOSTNAME after we've logged in. See the result(s) in the screenshot below:

As a final task, and in the interests of prudent security, check and change the permissions of the '.ssh' directory and 'authorized_keys' file on the remote system to ensure no other user(s) can access it.

remote_userid@kron:~$ chmod 700 .ssh
remote_userid@kron:~$ chmod 640 .ssh/authorized_keys

Using the same identification keys, this passwordless login procedure can be achieved using Putty, OpenSSH, FileZilla, WinSCP, or any other client software which uses SSH login authentication.

Well done, if you have been successful. Entering passwords for SSH logins is not required any longer.

Thanks!

Thank you for reading and taking part in this fun little project. We hope others find it as interesting and educational as we did.

If you have any questions or need help, visit the Slackware ARM Forum on Linux Questions. Or get in touch on the #SARPi IRC channel on Freenode.net.


Back to Top


Updated: 2021-04-06 12:46:18 UTC

Disclaimer: The SARPi Project website is for non-commercial and general information purposes only. The content is provided by Penthux.NET and while we endeavour to keep information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or any information, software, products, services, or related graphics which is available on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will Penthux.NET be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website or any of its contents. Through this website you are able to visit other websites which are not under our control. Penthux.NET has no influence over the nature, content or availability of any external URLs. The inclusion of any URLs does not necessarily imply a recommendation or endorsement of any content therein. Every effort is made to ensure the SARPi Project website remains accessible. However, Penthux.NET takes no responsibility for, and will not be liable for, the SARPi Project website being temporarily unavailable due to technical issues beyond our control. Penthux.NET is in no way affiliated with Slackware Linux, Inc, or the Linux Foundation, or the Raspberry Pi Foundation, or any of their members, trustees, partners, or associates.


Accept!
SARPi Project uses cookies for website traffic & data analysis. [ Cookie Policy ]