SSH to a remote machine without password

This guide is provided by ChatGPT.

Answer from ChatGPT

To set up SSH to a remote machine without a password, you can use the following steps:

  1. Generate a public and private key pair on your local machine using the ssh-keygen command:

    ssh-keygen
    

  2. Copy the public key to the remote machine using the ssh-copy-id command. This will add your public key to the remote machine's authorized_keys file:

    ssh-copy-id username@remote_host
    

  3. After completing the above step, you can test your SSH connection by running the following command:

    ssh username@remote_host
    

You should now be able to log in to the remote machine without being prompted for a password. Keep in mind that this setup only works if the remote machine's sshd configuration allows for passwordless authentication using public keys.

Explanation

  1. ssh-keygen

ssh-keygen is a command-line tool used to generate public and private key pairs for the SSH (Secure Shell) protocol. These keys are used to authenticate your local machine to a remote server or device, without requiring you to enter a password each time you connect.

When you run ssh-keygen, it generates a pair of keys: a private key and a public key.

  - The private key (e.g. ~/.ssh/id_rsa) is stored on your local machine and should be kept secure, while the public key can be shared with any remote server you want to access.
  - The public key (e.g. ~/.ssh/id_rsa.pub) is added to the authorized_keys file on the remote server. When you connect to that server, your local machine sends the server your public key and proves your identity by signing with the matching private key, which never leaves your machine.

  2. ssh-copy-id

ssh-copy-id is a command-line utility that is used to copy your SSH public key to a remote server and add it to the authorized_keys file (e.g. ~/.ssh/authorized_keys). This allows you to log in to the remote server without having to enter a password each time.

When you run the ssh-copy-id command followed by the remote username and host, it connects to the remote server and copies your public key to the authorized_keys file in the remote user's home directory. If the authorized_keys file doesn't exist, the command creates it. If the file already exists, the public key is appended to the end of the file, so any existing keys are not overwritten.

  3. authorized_keys

An authorized_keys file can contain multiple lines, each holding one authorized user's public key. When an SSH connection is established, the user's private key is matched against one of the public keys in this file.
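
To review which keys such a file authorizes, the following added example (not part of the original guide) parses authorized_keys lines, including the optional leading options field, and computes each key's SHA256 fingerprint in the form OpenSSH displays. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")  # how OpenSSH key type names begin

def split_fields(line: str) -> list:
    """Split on whitespace, but keep double-quoted option values in one piece."""
    fields, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur] if cur else fields

def parse_entry(line: str) -> dict:
    """Parse '[options] keytype base64-blob [comment]' and fingerprint the blob."""
    fields = split_fields(line)
    options = "" if fields[0].startswith(KEY_PREFIXES) else fields.pop(0)
    if len(fields) < 2:
        raise ValueError("missing key type or key data")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    n = int.from_bytes(blob[:4], "big")  # length of the type name inside the blob
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type field does not match the key blob")
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return dict(options=options, type=key_type, fingerprint=fp, comment=" ".join(fields[2:]))

def audit(text: str):
    """Return (entries, errors) for the contents of an authorized_keys file."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            try:
                entries.append(parse_entry(line))
            except ValueError as exc:  # also covers invalid base64
                errors.append((lineno, str(exc)))
    return entries, errors

# Constructed sample: a well-formed ed25519 blob with made-up key bytes, not a real key.
BLOB = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + bytes(range(32))
B64 = base64.b64encode(BLOB).decode()
SAMPLE = (f"# constructed sample\nssh-ed25519 {B64} alice@laptop\n"
          f'command="/usr/bin/backup --run",no-pty ssh-ed25519 {B64} backup job\n'
          f"ssh-rsa {B64} wrong-type\n")
```

The fingerprints can be compared with the output of ssh-keygen -lf run on the same file.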

  4. SSH interaction

+---------------------+              +---------------------+
|       Local         |              |       Remote        |
+---------------------+              +---------------------+
          |                                       |
          |             TCP connection            |
          |-------------------------------------->|
          |                                       |
          |            SSH server banner          |
          |<--------------------------------------|
          |                                       |
          |          SSH client version           |
          |-------------------------------------->|
          |                                       |
          |    SSH server version and options     |
          |<--------------------------------------|
          |                                       |
          |    Client public key (if available)   |
          |-------------------------------------->|
          |                                       |
          |          Server host key(s)           |
          |<--------------------------------------|
          |                                       |
          |  Confirm host key fingerprint (once)  |
          |                                       |
          |                                       |
          |             User authentication       |
          |                                       |
          |      (public key or password prompt)  |
          |-------------------------------------->|
          |                                       |
          |              User session             |
          |<------------------------------------->|
          |                                       |

Importantly, the client verifies the host key fingerprint to ensure that it is connecting to the correct server. If the fingerprint is confirmed, the client authenticates itself to the server using either a public key or a password prompt.