How to configure passwordless login in macOS and Linux


Once you set up a shell user and try to log in via SSH, you’ll find you must enter your password each time. To avoid this, you can set up passwordless login with an SSH key pair, so that you are logged in immediately without needing to enter your password.
Anas Alshanti©

Friday 18 January 2020: Changed cryptographic algorithms from RSA to ED25519 and ECDSA

  1. STEP 1 – Generating the key pair
    1. Generate an ed25519 and ecdsa private key using ssh-keygen
  2. STEP 2 – Copying the public key to server
  3. STEP 3 – Test the connection

STEP 1 – Generating the key pair

On your home computer

Generate an ed25519 and ecdsa private key using ssh-keygen

If you’re using Linux or Mac OS X, open your terminal and run the following command under your username:

  ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
  Generating public/private ed25519 key pair.
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /Users/<user id>/.ssh/id_ed25519.
  Your public key has been saved in /Users/<user id>/.ssh/id_ed25519.pub.
  The key fingerprint is:
  SHA256:H6/ZSrfIs42k0QjA2RMUZlfldBHrneC3q+QZjjiO+bU <user id>@<host>.local
  The key's randomart image is:
  +--[ED25519 256]--+
  |     .*.....o +o |
  |   . = o   o . . |
  |    + o     ...  |
  |     . .    .....|
  |      . S .  ..o.|
  |       . + o  . .|
  |        o *.oo . |
  |        oBoO*.o .|
  |       o+=@Eo=.. |
  +----[SHA256]-----+

Then generate the ECDSA key pair:

  ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_ecdsa

The minimum key size shall be 512 bits for ECDSA.

  Generating public/private ecdsa key pair.
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /Users/<user id>/.ssh/id_ecdsa.
  Your public key has been saved in /Users/<user id>/.ssh/id_ecdsa.pub.
  The key fingerprint is:
  SHA256:l2T9C9oTzkMo3KyHmyhjAnGNK+h42SEfglBrdfyhLBA <user id>@<host>.local
  The key's randomart image is:
  +---[ECDSA 521]---+
  |  E. .           |
  |  o . o .  .     |
  | . * o o .o .    |
  |o = o o..= o .   |
  |o+.. .  S * + .  |
  |+..o +   = * o . |
  |.o  * o o o * .  |
  | ...+o . +   o   |
  | .oo o. o        |
  +----[SHA256]-----+
  • You do not need to enter a passphrase, but it’s highly recommended, as it protects your private key if it is compromised: someone would still need your passphrase in order to unlock it. The exception to this is if you’re running an automated process such as a cron job. You should then leave the passphrase out. From ssh.com: “Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes.”
  • ED25519 keys should be favoured over ECDSA keys when supported by SSH clients and servers. The Ed25519 algorithm is considered state of the art. Elliptic curve algorithms in general are sleek and efficient and unlike the other well known elliptic curve algorithm ECDSA.

STEP 2 – Copying the public key to server

Run the following command to copy the public key from your local computer to the server.

  cat ~/.ssh/id_ed25519.pub | ssh <username>@<server.domain-name.io> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

The command above creates the folder ~/.ssh on the server if it does not exist and sets its permissions to 700. In that folder is your authorized_keys file, with 600 permissions, to which the public key from your home computer has just been appended.
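The server-side half of STEP 2 as a reusable script, given here as an added example that is not from the original article: it appends the key only once, enforces the 700/600 permissions described above, and verifies the result. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample key are constructed.

# install_pubkey SSH_DIR PUBKEY_LINE
# Append the key to SSH_DIR/authorized_keys unless it is already present,
# then enforce mode 700 on the directory and 600 on the file.
install_pubkey() {
    ssh_dir=$1
    key=$2
    auth="$ssh_dir/authorized_keys"

    # Accept only the key types produced by the two ssh-keygen commands above.
    case $key in
        "ssh-ed25519 "*|"ecdsa-sha2-nistp521 "*) ;;
        *) echo "refusing unexpected key type" >&2; return 2 ;;
    esac

    # umask 077 in a subshell: anything created here starts out private.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    # Tighten modes even if the directory or file existed beforehand.
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: running twice adds no duplicate entry.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok PATH: succeed only if group and others have no permission bits.
# Characters 5-10 of `ls -ld` output are the group/other bits on macOS and Linux.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo in a throwaway directory with a constructed, non-functional key.
demo=$(mktemp -d)
install_pubkey "$demo/.ssh" "ssh-ed25519 AAAAconstructedExampleKey user@host"
perms_ok "$demo/.ssh" && perms_ok "$demo/.ssh/authorized_keys" \
    && echo "permissions OK"
rm -rf "$demo"
```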

STEP 3 – Test the connection

 ssh <user id>@<server name>

The login should now be passwordless!


