After using Amazon AWS virtual server instances, I found out that with a pre-generated file (a key or certificate known to both server and client), the client does not have to connect to the server using a password. It is easy when connecting with the ssh command line: use the -i parameter (identity file) to pass the path to a .pem file stored on your local computer, for example:
$ ssh -i ~/path_to_your_key/myprivateKey.pem firstname.lastname@example.org
myprivateKey.pem is a file containing the public certificate, ubuntu is the username, followed by @your.public.ip.address or hostname. A PEM file is not hard to get; for example, the Amazon AWS EC2 Console will let you generate this file.
Server with SSH access and password – enable authentication without using password
I have recently started using a DigitalOcean server droplet. They provided me with login information: my public IP address, username: root and password: a pre-generated password. It is a standard procedure.
Now how to make this work without using password, using just a .pem file?
- The first step is to generate a Key Pair and PEM file.
- The next step is to upload the certificate to your remote server from the command line using SSH, the first time with the password.
- The last step is testing the connection from client to server without using a password.
1) How to generate a Key Pair for authentication without password
$ ssh-keygen -t rsa -b 2048 -v
Enter this command to generate a 2,048-bit RSA key using verbose (questions asked during) mode, and a public .pem X.509 certificate.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/anonymouse/.ssh/id_rsa): name-of-your-file
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in
Your public key has been saved in
The key fingerprint is:
You will be asked for a file name. I entered “name-of-your-file” here; choose your own file name instead. It will generate a name-of-your-file.pub file and a name-of-your-file file without a file extension; rename the latter to name-of-your-file.pem. The files are created in the current directory you have open in the terminal window. You will also be asked to enter a passphrase, which secures the certificate on your local machine. I skipped this option by pressing Enter, as it is optional.
2) Uploading the generated certificate from client computer to server
This is done so the server can recognize the client: they both have access to these certificates and compare them. To upload the certificate to the server, we need to establish a secure connection, and if everything goes well, this may be the last time you use the password.
$ ssh-copy-id -i ~/name-of-your-file.pub root@
Now try logging into the machine, with “ssh ‘email@example.com′”, and check in:
~/.ssh/authorized_keys to make sure we haven’t added extra keys that you weren’t expecting, you may still want to use a password.
So, to check whether you have successfully uploaded your key to the server, log in to the server and run:
$ sudo nano ~/.ssh/authorized_keys
or
$ sudo cat ~/.ssh/authorized_keys
You should see a file with one or more lines of random characters; these are the uploaded or generated keys known to this machine.
~/.ssh/authorized_keys looks like this; I cut off a few hundred characters from the right of both lines:
Each line is an ssh-rsa key. You may want to check that you did not accidentally upload anything unwanted, but first of all, one of the lines should contain exactly the same content as name-of-your-file.pub (your .pub file, which was uploaded). You may open the .pub file in any text editor on your local machine to make sure.
3) Test the connection
$ sudo ssh -i ~/name-of-your-file.pem firstname.lastname@example.org
This should connect you without using a password. Notice that I am now using the .pem file, not the .pub file: it is the file name-of-your-file that we renamed to name-of-your-file.pem in step 1. You may have to confirm the Key Pair with “yes” on the first login. Both files were generated in step 1 using the $ ssh-keygen -t rsa -b 2048 -v command, but one is generated without a suffix.
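The check from step 2, written as a script (an added example, not part of the original post): it compares the key type and base64 body of your .pub file with every entry in authorized_keys, and counts how many other keys are also allowed to log in. The function names key_blob, audit_keys and demo, and the sample key strings, are constructed for illustration.

```sh
#!/bin/sh
# Added example; the key strings below are constructed, not real keys.

# key_blob LINE: print "type base64" for one authorized_keys or .pub line,
# skipping a leading options field such as no-pty,from="10.0.0.5".
# Assumption: option values contain no spaces.
key_blob() {
    set -f; set -- $1; set +f      # split the line into words, no globbing
    while [ $# -ge 2 ]; do
        case $1 in
            ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-*|sk-*) echo "$1 $2"; return 0 ;;
        esac
        shift
    done
    return 1
}

# audit_keys AUTHORIZED_KEYS PUBFILE: print "present=<0|1> other=<n>".
# present: the key in PUBFILE is installed; other: count of additional keys.
# The trailing comment field is ignored, so a renamed comment still matches.
audit_keys() {
    mine=$(key_blob "$(cat "$2")") || { echo "no key found in $2" >&2; return 2; }
    present=0 other=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank lines and comments
        blob=$(key_blob "$line") || continue         # not a key line
        if [ "$blob" = "$mine" ]; then present=1; else other=$((other + 1)); fi
    done < "$1"
    echo "present=$present other=$other"
}

# Constructed sample: one expected key plus one entry nobody asked for.
demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3CONSTRUCTEDKEYONE me@laptop' > "$d/name-of-your-file.pub"
    {
        echo '# constructed sample, not real keys'
        echo 'ssh-rsa AAAAB3CONSTRUCTEDKEYONE me@laptop'
        echo 'no-pty,from="10.0.0.5" ssh-ed25519 AAAAC3CONSTRUCTEDKEYTWO someone-else'
    } > "$d/authorized_keys"
    audit_keys "$d/authorized_keys" "$d/name-of-your-file.pub"
    rm -rf "$d"
}
demo    # prints: present=1 other=1
```

On the server, run audit_keys ~/.ssh/authorized_keys name-of-your-file.pub with a copy of your .pub file; any "other" count you cannot account for is a key worth removing.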