Create User and Login Without Password (Passwordless Authentication) | Private/Public Key Based Authentication

Date Posted: 04-05-2017

Password-based login is always a security risk: if the password becomes known to others, it is easy for them to access the machine. To overcome this, it is good practice to create a user and log in without a password, i.e., with key-based authentication.

Prerequisites:

  1. PuTTYgen, in case of a Windows machine.
  2. SSH root access to the server.

Implementation:

Let's start by creating a private/public key pair on the local machine. On Windows, we can use PuTTYgen to create the key pair. While creating it, move the mouse over the blank area to generate a random key. Once the key is generated, click on Save private key to save the private key. Copy the key from the public key area; we will need this key on the destination server.

In case of a Linux machine, execute the command below to generate the private/public key pair. While executing, the command may ask for a passphrase. We are not going to use a passphrase, to keep the process simple; the private key file is then stored unencrypted, so keep it readable only by its owner.

ssh-keygen -t rsa

The above command will create two files:

id_rsa – This is the private key. It stays on the local machine.

id_rsa.pub – This is the public key. We will use this key on the server to authenticate the user. It corresponds to the key shown in the public key area of PuTTYgen on Windows.

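Log in to the server and create a new user. The -m option creates the home directory on distributions where useradd does not do so by default.

useradd -m admin

Create the .ssh directory and set its ownership and permissions.

mkdir /home/admin/.ssh
chown admin: /home/admin/.ssh
chmod 700 /home/admin/.ssh/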

Create the authorized_keys file in the user's .ssh directory. We have already generated the public key on the Linux or Windows machine.

vi /home/admin/.ssh/authorized_keys

Copy the public key and paste it into the authorized_keys file, as a single line.

Modify the ownership and permissions of the authorized_keys file.

chown admin: /home/admin/.ssh/authorized_keys

chmod 600 /home/admin/.ssh/authorized_keys

Now we will be able to log in to the server without a password.
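An added check for the files created above (not part of the original post): with sshd's default StrictModes setting, key login is refused when the home directory, .ssh or authorized_keys is writable by group or others, so this function audits those modes and the contents of authorized_keys. The function names and the key-type list are this example's own assumptions; ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the directory layout built in the steps above.
# audit_ssh_dir HOME_DIR prints one line per finding and returns the
# number of findings (0 = clean). HOME_DIR is e.g. /home/admin.

# True when the path is writable by group or others.
loose_perms() {
    # First 10 characters of `ls -ld` are the mode string, e.g. drwx------
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

audit_ssh_dir() {
    home=$1
    keys="$home/.ssh/authorized_keys"
    findings=0
    for p in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING: $p"; findings=$((findings + 1))
        elif loose_perms "$p"; then
            echo "GROUP/WORLD WRITABLE: $p"; findings=$((findings + 1))
        fi
    done
    if [ -f "$keys" ]; then
        # A private key pasted here by mistake must be treated as exposed.
        if grep -q 'PRIVATE KEY' "$keys"; then
            echo "PRIVATE KEY MATERIAL: $keys"; findings=$((findings + 1))
        fi
        # Each non-blank, non-comment line needs a key type followed by a
        # base64 blob (SSH public key blobs always begin with AAAA).
        bad=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$keys" |
              grep -c -v -E '(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+) AAAA[A-Za-z0-9+/=]+' || true)
        if [ "$bad" -gt 0 ]; then
            echo "MALFORMED KEY LINES: $bad"; findings=$((findings + 1))
        fi
    fi
    return "$findings"
}
```

After sourcing the file, run `audit_ssh_dir /home/admin` on the server; a return status of 0 means no findings.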

Verification:

From our local machine, execute the command below to log in as the admin user.

ssh -i /keypath/id_rsa admin@IPaddress

In case of Windows, open the PuTTY application and enter the hostname as admin@IPaddress.

Under the Connection > SSH > Auth section, select the path of the private key which we generated earlier. Click on Connect; this will log in as the admin user without a password.

Additional Information:

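If we would like to give sudo privileges to the user, execute the command below on the server. NOPASSWD:ALL lets admin run any command as root without a password, so the private key alone then grants root on this server.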

echo "admin ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/admin

To become root, type the command below after logging in as the admin user.

sudo su -

Since the admin user now has sudo privileges, we can disable direct root login if we want to. The article below explains how.

https://blog.pheonixsolutions.com/change-ssh-default-port-disable-ssh-root-login/
