7 Responses to “2 Simple Steps to Set up Passwordless SSH Login on Ubuntu

  • MrAdminus
    2 years ago

    Thank you for sharing the way howto store the key passphrase in the SSH Agent!

  • great article on this topic

    it will be very good if you update it time to time because of 2106 publish date…

    thanks

    • Hi vahid,

      Thanks for your suggestion. I just modified a code on my website. Now the article update time is displayed, instead of the article publish time.

  • This was the most informative article, didn’t know about ssh-copy-id. But it still didn’t work.

    Here are my trouble shooting steps to get it to work:

    1) edited /etc/ssh/sshd_config ;set “LogLevel DEBUG”; restarted service

    2) /var/log/messages showed selinux blocking access to authorized keys; recommended action in the log didn’t work . Just disabled selinux … it’s a Virtualbox VM … rebooted

    3) /var/log/messages showing
    sshd[13969]: Authentication refused: bad ownership or modes for directory /home/meh/.ssh

    4) set them
    > chmod g-w /home/meh
    > chmod 700 /home/meh/.ssh
    > chmod 600 /home/meh/.ssh/authorized_keys

    Finally worked.

  • Thanks

  • Frank Godek
    3 months ago

    Great article. Thank you for making the steps so clear and easy to follow. I was wondering if there is any way to allow password authentication from a particular source IP address or network?

    Most of the servers I support are not accessible from the Internet via ssh. For the couple that are, I have changed the ssh port which really reduces the number of attempts to get in. I have passwordless login setup for those servers but I would like to allow password logins from one inside host so that I have a means of getting in (other than going to the console) if the key is ever lost.

    • Yes. There is. Open the SSH daemon config file.

      sudo nano /etc/ssh/sshd_config

      Add the following lines at the bottom of the file.

      Match Address 192.168.0.2
         PasswordAuthentication yes
      

      If the client is connecting from 192.168.0.2, then password authentication is allowed. You can add multiple IP address.

      Match Address 192.168.0.2 192.168.0.3
         PasswordAuthentication yes
      

      Or use CIDR notation.

      Match Address 192.168.0.0/24
         PasswordAuthentication yes
      

      Save and close the file. Restart SSH.

      sudo systemctl restart sshd

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.


The maximum upload file size: 2 MB.
You can upload: image.