samba:ssh-passwordless
Passwordless SSH using Private/Public Keys
This guide explains how to set up private/public key authentication for passwordless SSH, (specifically tailored for Debian systems.)
Step 1: Generate Key Pair
On your local machine, generate an RSA key pair:
ssh-keygen -t rsa -b 4096
- Files created:
~/.ssh/id_rsa(private key) and~/.ssh/id_rsa.pub(public key). - Press Enter for the default location.
- Do not add a passphrase for extra security - or it will be asked every time key is used.
Step 2: Transfer the Public Key to the Debian Server
Install ssh-copy-id on your local machine if needed (part of openssh-client):
sudo apt update && sudo apt install openssh-client -y
Transfer the public key:
ssh-copy-id user@server
- You can usually not copy the key to the root user. Copy to a regular user first
- Replace
userwith a regular user andserverwith the server’s IP or hostname. - Enter your password when prompted.
- If you need the keys for the root user, copy the keys from the regular user “user” to root.
Manual Alternative:
- Log into the server:
ssh user@debian_server
- Create the
.sshdirectory if it doesn’t exist:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
- Copy the contents of
~/.ssh/id_rsa.pubfrom your local machine into~/.ssh/authorized_keyson the server. - Set permissions:
chmod 600 ~/.ssh/authorized_keys
Step 3: Configure the Debian Server
Ensure the SSH server is installed and running:
sudo apt install openssh-server -y sudo systemctl enable ssh sudo systemctl start ssh
Verify /etc/ssh/sshd_config allows key-based authentication (default is fine):
- Look for:
PubkeyAuthentication yes. - If changed, restart SSH:
sudo systemctl restart ssh
Step 4: Test Passwordless Login
From your local machine:
ssh user@server
Notes
- Works on Debian 11, 12, and likely future versions as of February 24, 2025.
- Keep the private key (
id_rsa) secure and never share it.
Caponato's Samba notebook. Start here or else Main menu
samba/ssh-passwordless.txt · Last modified: by caponato