14 Responses to “2 Simple Steps to Set up Passwordless SSH Login on Ubuntu

  • MrAdminus
    6 years ago

    Thank you for sharing the way howto store the key passphrase in the SSH Agent!

  • great article on this topic

    it will be very good if you update it time to time because of 2106 publish date…

    thanks

    • Xiao Guo-An (Admin)
      6 years ago

      Hi vahid,

      Thanks for your suggestion. I just modified a code on my website. Now the article update time is displayed, instead of the article publish time.

  • This was the most informative article, didn’t know about ssh-copy-id. But it still didn’t work.

    Here are my trouble shooting steps to get it to work:

    1) edited /etc/ssh/sshd_config ;set “LogLevel DEBUG”; restarted service

    2) /var/log/messages showed selinux blocking access to authorized keys; recommended action in the log didn’t work . Just disabled selinux … it’s a Virtualbox VM … rebooted

    3) /var/log/messages showing
    sshd[13969]: Authentication refused: bad ownership or modes for directory /home/meh/.ssh

    4) set them
    > chmod g-w /home/meh
    > chmod 700 /home/meh/.ssh
    > chmod 600 /home/meh/.ssh/authorized_keys

    Finally worked.

  • Thanks

  • Frank Godek
    4 years ago

    Great article. Thank you for making the steps so clear and easy to follow. I was wondering if there is any way to allow password authentication from a particular source IP address or network?

    Most of the servers I support are not accessible from the Internet via ssh. For the couple that are, I have changed the ssh port which really reduces the number of attempts to get in. I have passwordless login setup for those servers but I would like to allow password logins from one inside host so that I have a means of getting in (other than going to the console) if the key is ever lost.

    • Xiao Guoan (Admin)
      4 years ago

      Yes. There is. Open the SSH daemon config file.

      sudo nano /etc/ssh/sshd_config

      Add the following lines at the bottom of the file.

      Match Address 192.168.0.2
         PasswordAuthentication yes
      

      If the client is connecting from 192.168.0.2, then password authentication is allowed. You can add multiple IP address.

      Match Address 192.168.0.2/32, 192.168.0.3/32
         PasswordAuthentication yes
      

      Or use CIDR notation.

      Match Address 192.168.0.0/24
         PasswordAuthentication yes
      

      Save and close the file. Restart SSH.

      sudo systemctl restart sshd
  • Loc_rabbirt
    3 years ago

    I follow your article and now I have a question, I’ve disable the password authentication and it will disable the access to sftp directory in the file manager.

    I don’t want to use filezilla or something else to control the directory, I want use the default file manager in my ubuntu desktop and get access directly to the remote machine (CENTOS 7) without login again. Before, I setup sftp and it’s working fine, but if the password disable, it’s denied permission now.

  • AZAHAR HMED
    3 years ago

    I haven’t understood this line –

    Then edit .bash_profile or .profile file. Append the following text into it so these two commands will be executed every time the user login.

    /usr/bin/keychain $HOME/.ssh/id_rsa
    source $HOME/.keychain/$HOSTNAME-sh
    

    When I visited my root directory I can see this ” https://www.awesomescreenshot.com/image/6214942?key=904085093104a848f13d99265a7a6e3e ”

    inside root directory in the file ” .profile ” this code is like this –

    # ~/.profile: executed by Bourne-compatible login shells.
    
    if [ "$BASH" ]; then
      if [ -f ~/.bashrc ]; then
        . ~/.bashrc
      fi
    fi
    
    mesg n 2> /dev/null || true
    
    

    So where to add the code can you please give me the modefied file ??

    Thanks

    • Xiao Guoan (Admin)
      3 years ago

      Append means “add to the end of something”. So you should add the following two lines at the bottom of the .profile file, each on its own line.

      /usr/bin/keychain $HOME/.ssh/id_rsa
      source $HOME/.keychain/$HOSTNAME-sh
      
  • AZAHAR HMED
    3 years ago

    Hello, After passwordless login for root… I even can’t log in via other SFTP users only ftp is working … I’m using media storage path over sftp with a non-root user that also stops working what should I do now?

  • Ken Wright
    2 years ago

    I’ve followed your tutorial up to the ssh-copy-id step with no problems, but when I try to login with ssh ‘[email protected]’ I get the response

    sign_and_send_pubkey: signing failed for RSA “/home/user/.ssh/id_rsa” from agent: agent refused operation

    How can I correct this flaw?

  • Duffman
    2 years ago

    A+

    LinuxBabe Thank You!

  • LinuxBabe, please add your Bitcoin Lightning Address to your donation page. If you had one, I would have sent you a tip for this page. If you don’t have one yet, get set up with one- check out https://lightningaddress.com

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded. Drop file here