OpenSSH Series 1: Login without password

Using passwords to log in to remote Linux servers has proven to be insecure and prone to brute force attacks. In this blog, I’d like to show you how to create your own key pair and test.

Generate Key Pair

~ ❤  ssh-keygen -t rsa -b 4096 -C "corvo@X1C"
Generating public/private rsa key pair.

# choose your own path
Enter file in which to save the key (/home/corvo/.ssh/id_rsa): /home/corvo/.ssh/id_rsa_test

# passphrase could be simple, but should not be empty
Enter passphrase (empty for no passphrase): xxx
Enter same passphrase again: xxx

## The path of the key pair
Your identification has been saved in /home/corvo/.ssh/id_rsa_test.
Your public key has been saved in /home/corvo/.ssh/id_rsa_test.pub.
The key fingerprint is:
SHA256:/0Iwzha+UE/NmtqwVcLhjfyQs6RmBlNv5vTsPxFuKC4 corvo@X1C
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|        . .      |
|       . = B     |
|      o = ^ = .  |
|       BS& % o . |
|      . @.X = +  |
|       * X.o . . |
|        E +.. .  |
|         . ..... |
+----[SHA256]-----+

Copy the public key to your Linux server

Please copy the file which has the pub postfix, like /home/corvo/.ssh/id_rsa_test.pub

And you need to make sure that the content in the public key will insert into a file in the target server, and the exact user your want to login with. For example, if you want to login with xxx, the file should be:

/home/xxx/.ssh/authorized_keys

I’d like to use ssh and just copy the content to the target file. The file should be like this:

1
2
3

root@xxx ~/.ssh$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvv8+Pazr2TyoOrZE0....

Simple Test

You can use -i to specify the private key path.

1	~ ❤ ssh root@1.2.3.4 -i ~/.ssh/id_rsa_test

If you encounter some problems, I’d like to recommend you to use the ssh -vvv to print the debug log. Here is an example:

1	~ ❤ ssh root@1.2.3.4 -i ~/.ssh/id_rsa_test -vvv