Skip to main content
  1. posts/

Set Up Passwordless SSH Access to Your Server

Tutorial DevOps

Setting up passwordless SSH access allows you to log into your server securely without typing a password every time. This is done using SSH key pairs: a private key on your local machine and a public key on the server.

Prerequisites #

Before starting, make sure you have:

  • Terminal or command-line access on both your local machine and the remote server.
  • The ability to log into the remote server with a username and password (needed only for the initial setup).

Step 1: Generate an SSH Key Pair on Your Local Machine #

  1. Open your terminal.

  2. Run the following command to generate a new SSH key pair:

    ssh-keygen -t ed25519

This will create two files in your ~/.ssh/ directory:

  • id_ed25519 → Your private key (keep this secure and never share it).
  • id_ed25519.pub → Your public key (this will be copied to the server).

Notes:

  • ed25519 is a secure and efficient key type.
  • When prompted for a location to save the key, press Enter to accept the default (~/.ssh/id_ed25519).
  • When asked for a passphrase, press Enter twice to leave it empty for true passwordless access.
    • ⚠️ Leaving the passphrase empty makes it less secure if your local machine is compromised.

Step 2: Copy Your Public Key to the Remote Server #

The easiest way is to use the ssh-copy-id command:

ssh-copy-id remote_username@remote_IP_address

Replace:

  • remote_username → your server username
  • remote_IP_address → your server’s IP address or hostname

Notes:

  • You’ll be asked to confirm the server’s authenticity. Type yes and press Enter.
  • Enter the remote user’s password one last time.
  • Your public key will be automatically appended to the ~/.ssh/authorized_keys file on the server.

Tip

  • If ssh-copy-id is not available, you can manually copy the public key using: 
    cat ~/.ssh/id_ed25519.pub | ssh remote_username@remote_IP_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Step 3: Test the Connection #

Now try connecting to the server:

ssh remote_username@remote_IP_address

If everything was set up correctly, you should log in without being asked for a password.

Tip

  • If it still asks for a password, check file permissions on your server:

    chmod 700 ~/.ssh chmod 600 ~/.ssh/authorized_keys

Step 4 (Optional): Disable Password Authentication for Extra Security #

Once passwordless login works, you can make your server more secure by disabling password-based logins:

  1. SSH into your server.

  2. Open the SSH configuration file:

    sudo nano /etc/ssh/sshd_config

  3. Locate the line:

    PasswordAuthentication yes

    Change it to:

    PasswordAuthentication no

  4. Save and exit the editor.

  5. Restart SSH to apply changes:

    sudo systemctl restart sshd

Now, your server will only accept key-based logins.

⚠️ Only do this after confirming key-based login works. Losing your private key will lock you out.

Make sure to always keep a backup of your private key in a secure location. Losing it means losing access to your server if password logins are disabled.