Password-less ssh in 2 Glorious Steps…
Local System – Let’s call it alpha
Remote System we don’t want to have to enter passwords for – Let’s call it foxtrot
Prep: Harden your existing ssh keys since RSA 1024 sucks. Move the old RSA key pair out of the way first; Step 1 then creates a new 4096-bit version. Ed25519 is actually preferred, so you can skip the RSA creation if you like.
me@alpha$ mv ~/.ssh/id_rsa ~/.ssh/id_rsa_legacy
me@alpha$ mv ~/.ssh/id_rsa.pub ~/.ssh/id_rsa_legacy.pub
Step 1: Generate new keys:
me@alpha$ ssh-keygen -t rsa -b 4096 -o -a 100 #RSA version
me@alpha$ ssh-keygen -o -a 100 -t ed25519 #Preferred ed25519 version
Step 2: Copy the Ed25519 public key to the remote system called foxtrot:
me@alpha$ ssh-copy-id -i ~/.ssh/id_ed25519.pub me@foxtrot
If ssh-copy-id is not available (PowerShell, etc.), manually copy the public key to the other host:
me@alpha$ cat ~/.ssh/id_ed25519.pub | ssh me@foxtrot "cat >> ~/.ssh/authorized_keys"
DONE! Now verify you can actually ssh without a password:
me@alpha$ ssh me@foxtrot
me@foxtrot:~$ hostname
foxtrot
me@foxtrot:~$
You can also check your ~/.ssh/authorized_keys file for duplicate or old entries, especially if you used old garbage RSA 1024 or less keys in the past.
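One way to run that check, as an added example (not part of the original post): the script below reads the listing printed by ssh-keygen -l -f ~/.ssh/authorized_keys and flags RSA keys below a minimum size and keys that appear more than once. The function names, the 2048-bit default threshold and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an authorized_keys listing for weak RSA keys and duplicates.

# audit_fingerprints [MIN_RSA_BITS]   (hypothetical helper, default 2048 is an assumption)
# Reads `ssh-keygen -l` output on stdin, one key per line:
#   <bits> <fingerprint> <comment ...> (<TYPE>)
# Prints one WEAK or DUPLICATE line per finding and returns 1 if anything was found.
# "key N" is the position in the listing, which skips blank and comment lines.
audit_fingerprints() {
    awk -v min="${1:-2048}" '
        {
            bits = $1; fp = $2; type = $NF    # comment may contain spaces, type is last
            if (type == "(RSA)" && bits + 0 < min + 0) {
                printf "WEAK key %d: %s-bit RSA %s\n", NR, bits, fp
                bad = 1
            }
            if (fp in first) {
                printf "DUPLICATE key %d: %s (same key as key %d)\n", NR, fp, first[fp]
                bad = 1
            } else {
                first[fp] = NR
            }
        }
        END { exit bad + 0 }
    '
}

# audit_authorized_keys [FILE] [MIN_RSA_BITS]
# Fingerprints every key in FILE with ssh-keygen and feeds the listing to the audit.
audit_authorized_keys() {
    ssh-keygen -l -f "${1:-$HOME/.ssh/authorized_keys}" | audit_fingerprints "${2:-2048}"
}

# Constructed sample listing (fingerprints are placeholders, not real keys).
sample_listing() {
    printf '%s\n' \
        '4096 SHA256:constructedAAAA me@alpha (RSA)' \
        '1024 SHA256:constructedBBBB old laptop key (RSA)' \
        '256 SHA256:constructedCCCC me@alpha (ED25519)' \
        '256 SHA256:constructedCCCC me@alpha again (ED25519)'
}

# Demo on the constructed sample; on foxtrot you would run: audit_authorized_keys
sample_listing | audit_fingerprints 2048 || true
```

Remove the flagged lines from ~/.ssh/authorized_keys on foxtrot by hand, then rerun the audit until it prints nothing.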
Additional Reference: Manually copy the keys (this will ask you for the password of the user you have mentioned):
me@alpha$ scp ~/.ssh/id_ed25519.pub me@foxtrot:~
me@foxtrot:~$ cat ~/id_ed25519.pub >> ~/.ssh/authorized_keys
Fancy way of doing the same thing (tee takes stdin and appends it to file):
me@alpha$ cat ~/.ssh/id_ed25519.pub | ssh me@foxtrot "tee -a ~/.ssh/authorized_keys"
Thanks to the following sites for easily explaining this process:
https://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
https://blog.g3rt.nl/upgrade-your-ssh-keys.html
https://www.ionos.com/digitalguide/server/security/using-ssh-keys-for-your-network-connection/