SSH, or Secure Shell, is a network protocol that allows secure communication between two computers over an insecure network. It provides a safe way to access and manage remote servers.
Key Components:
- Encryption: SSH uses strong encryption to secure data exchanged between the client and server.
- Authentication: It supports various authentication methods, such as passwords and public key authentication.
- Integrity: Ensures that the data sent and received is not altered during transit.
SSH supports multiple encryption algorithms to secure the communication between the client and server. Here are some of the commonly used encryption algorithms:
Symmetric Encryption Algorithms
- AES (Advanced Encryption Standard): AES-128, AES-192, AES-256
- 3DES (Triple Data Encryption Standard)
- Blowfish
Asymmetric Encryption Algorithms (for Key Exchange)
- RSA (Rivest–Shamir–Adleman)
- DSA (Digital Signature Algorithm)
- ECDSA (Elliptic Curve Digital Signature Algorithm)
- Ed25519: A high-security alternative to ECDSA and RSA
MAC (Message Authentication Code) Algorithms
- HMAC-SHA1
- HMAC-SHA2 (256-bit, 384-bit, 512-bit)
- HMAC-MD5
These encryption algorithms ensure the confidentiality, integrity, and authenticity of the data exchanged over SSH. The specific algorithms used can be configured in the SSH server and client configuration files.
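As an added example (not from the original post), the check below reads configuration text and reports where the older entries from the lists above (3DES, Blowfish, HMAC-MD5, DSA host keys) have been explicitly enabled; current OpenSSH releases no longer enable these by default. It assumes whitespace-separated `Ciphers`, `MACs` and `HostKeyAlgorithms` lines, and the sample configuration is constructed.

```bash
#!/usr/bin/env bash
# Added example: read sshd_config / ssh_config text (or `sshd -T` output) on
# stdin and print every explicitly enabled algorithm from the older entries in
# the lists above: 3DES, Blowfish, HMAC-MD5 and DSA host keys.
flag_legacy_algos() {
    awk '
        {
            key = tolower($1)          # keywords are case-insensitive
            list = $2
        }
        key == "ciphers" || key == "macs" || key == "hostkeyalgorithms" {
            if (list ~ /^-/) next      # "-name" removes from the defaults
            sub(/^[+^]/, "", list)     # "+name" / "^name" add to the defaults
            n = split(list, algos, ",")
            for (i = 1; i <= n; i++) {
                a = algos[i]
                if (a ~ /^(3des-cbc|blowfish-cbc|ssh-dss)$/ || a ~ /^hmac-md5/)
                    print key ": " a
            }
        }'
}

# Constructed sample configuration, embedded so the example runs offline.
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Ciphers aes256-ctr,aes128-ctr,3des-cbc
MACs hmac-sha2-256,hmac-md5
HostKeyAlgorithms ssh-ed25519,ssh-dss
EOF
}

sample_config | flag_legacy_algos
```

On a real server, `sshd -T | flag_legacy_algos` (run as root) checks the effective settings rather than only what the file says.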
Configure SSH Passwordless Authentication
We have the following VMs: a Linux client (RHEL8), Remote Server-1 (Ubuntu22) and Remote Server-2 (SUSE12). We are going to set up passwordless authentication from the RHEL8 client VM to the Ubuntu22 remote server with SSH keys.

| Client/Server | VM Name | IP Address | UserName-1 | UserName-2 | UserName-3 |
|---|---|---|---|---|---|
| Linux Client | RHEL8 | 10.10.0.5 | naveen | | |
| Remote server-1 | Ubuntu22 | 10.10.0.8 | naveen | kumar | root |
| Remote server-2 | SUSE12 | 10.10.0.13 | navi | anvi | root |
Step 1: Generate the SSH Key Pair on the Client VM (RHEL8)
Note: Execute these steps on the client VM (RHEL8). They generate a private and a public key; we then have to copy the public key to the user on the remote server.
[naveen@RHEL8 .ssh]$ pwd
/home/naveen/.ssh
[naveen@RHEL8 .ssh]$ ls -lrt
total 0
-rw-------. 1 naveen naveen 0 Jul 21 06:22 authorized_keys
-rw-r--r-- 1 naveen naveen 0 Dec 24 12:32 known_hosts
[naveen@RHEL8 .ssh]$ ssh-keygen <==== press enter
Generating public/private rsa key pair.
Enter file in which to save the key (/home/naveen/.ssh/id_rsa): <==== press enter
Enter passphrase (empty for no passphrase): <==== press enter
Enter same passphrase again: <==== press enter
Your identification has been saved in /home/naveen/.ssh/id_rsa.
Your public key has been saved in /home/naveen/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OqvmpB/mjq1fmkUnYVRyY9Bbsmb0+TMzX7DvdPaOFAg naveen@RHEL8
The key's randomart image is:
+---[RSA 3072]----+
| ++= |
| . ++.. |
| o. *E. |
| . .= o. .. |
| ooS .. .o |
| . + * ...|
| + = *.o+|
| B.* o ..++|
| +B@.. .o+|
+----[SHA256]-----+
[naveen@RHEL8 .ssh]$
This creates 2 files under /home/naveen/.ssh:
a) id_rsa.pub ==> the public key
b) id_rsa ==> the private key
[naveen@RHEL8 .ssh]$ ls -lrt
-rw-------. 1 naveen naveen 0 Jul 21 06:22 authorized_keys
-rw-r--r-- 1 naveen naveen 0 Dec 24 12:32 known_hosts
-rw-r--r-- 1 naveen naveen 566 Dec 24 13:03 id_rsa.pub
-rw------- 1 naveen naveen 2602 Dec 24 13:03 id_rsa
Step 2: Copy Public Key to Remote Server-1 (Ubuntu22)
Use the ssh-copy-id command to copy your public key to the Remote server-1.
Syntax : ssh-copy-id USER_NAME@REMOTE-SERVER-IP/HOSTNAME
[naveen@RHEL8 .ssh]$ ssh-copy-id naveen@10.10.0.8
Note: If you don't have SSH access to the remote server directly, you can copy the public key file and add it to /home/naveen/.ssh/authorized_keys on the remote server.
Note: The key must be on a single line in the file. You can check with cat -n authorized_keys; if the public key shows on more than 1 line, it won't work.
Remote Server-1 Authorization Key Ubuntu22 for the user 1
Step 3: Verify Passwordless Authentication
Additional Tips:
Permissions: Ensure that the .ssh directory and the authorized_keys file on the Remote Server have the correct permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Security: If you used a passphrase when generating the SSH key, you will be prompted to enter it when using SSH. If you want completely passwordless authentication, leave the passphrase empty.
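The manual copy from the Step 2 notes and the permissions tip above can be combined into one guarded install, shown here as an added example that is not part of the original post. The function names and the list of accepted key types are assumptions of this sketch; it rejects a public key that has been wrapped onto several lines, avoids duplicate entries, and sets the 700/600 permissions.

```bash
#!/usr/bin/env bash
# Added example: what the manual copy has to get right. Paths are passed in as
# arguments; the function names are hypothetical.

# Succeeds only if FILE holds exactly one non-empty line shaped like
# "<key-type> <base64-blob> [comment]" (common key types only).
check_pubkey_line() {
    local file=$1 count
    count=$(grep -c '[^[:space:]]' "$file") || return 1   # empty or unreadable
    [ "$count" -eq 1 ] || return 1                         # wrapped or several keys
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$file"
}

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    local pub=$1 dir=$2 auth="$2/authorized_keys" key
    if ! check_pubkey_line "$pub"; then
        echo "rejected $pub: not a single-line public key" >&2
        return 1
    fi
    key=$(grep '[^[:space:]]' "$pub")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the existing file lacks a final newline, add one so the new key is
    # not glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append only when this type+blob pair is not already listed.
    if ! grep -qF -- "$(printf '%s\n' "$key" | cut -d' ' -f1,2)" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Usage: ./install_pubkey.sh id_rsa.pub ~/.ssh   (run as the remote user)
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```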
Important Points on Passwordless Authentication
1) You only have to generate the SSH keys on the client VM. You can access multiple VMs and multiple users with the same public key, and you don't need to create multiple keys for multiple users and multiple remote servers.
Now we are going to copy the same public key to a different user on the same server.

| Client/Server | VM Name | IP Address | UserName-2 | UserName-3 |
|---|---|---|---|---|
| Linux Client | RHEL | 10.10.0.5 | naveen | |
| Remote server-1 | Ubuntu22 | 10.10.0.8 | kumar | root |
Accessing the remote server as multiple users with the same public key
Copying the same public key to the root user of another remote server (SUSE12) and accessing it without a password