Normally when you SSH into a computer, you need to provide a username and it will prompt you for your password, like this:
$ ssh joe@server_machine joe@server_machine's password:
By generating a public-private key pair on the local machine and sharing the public key with a remote machine, you can SSH to the remote machine without providing a login or being prompted for a password.
After this setup is done, you will operate like this:
$ ssh server_machine $ That is it! You are logged in without login or password!
To set this up:
$ ssh-keygen -t ed25519 -C "firstname.lastname@example.org"
ed25519 is a key type. Other supported key types are
ecdsa. It is recommended to use only
The above command generates a public key in
~/.ssh/id_ed25519.pub and its corresponding private key in
~/.ssh/id_25519 file. If you use a different key type, the file suffix would correspondingly be different.
~/.ssh/authorized_keysfile. Instead of doing this manually, it is recommended to use the
ssh-copy-idtool for this:
$ ssh-copy-id remote_machine
If there is no
~/.ssh/authorized_keys file on the remote machine, this script will create it for you. If the file exists, your public key from local machine will be appended to the existing file.
If you have more than one public-private keys on your local machine, the
ssh-copy-id might use the wrong one. In such cases, point out the right file using the
$ ssh-copy-id -i ~/.ssh/foobar_id_ed25519.pub remote_machine
Make sure that the permissions of the
.ssh directory is
-rwx------ and of the
.ssh/authorized_keys file is
-rw-------. Otherwise SSH will determine that the keys are not safe and you will still get asked for your password.
That is it, you can now SSH directly to this server machine.
Reference: Arabesque: Linux Crypto - SSH Keys
Tried with: Ubuntu 22.04