View on GitHub

Passwordless login: SSH keys

On this page

Overview

Passwords aren’t very safe. Instead of remembering multiple passwords for multiple servers (nowadays made easier with password managers), it is common practice to use so-called SSH keys to login to a remote server. This tutorial will show you how to set-up an SSH key pair so you can log in to any of our servers without the need of a pesky password!

Introduction

A well-established method of authentication is via passwords. This, however, has been shown to be quite vulnerable, time and time again. An alternative solution to logging in to servers via SSH that offers lots of flexibility, is to use SSH keys.

SSH keys always exist in pairs: there is a private key and a public key. You will keep the private key while placing your public key in any servers you want to access. Just like you shouldn’t use one password for everything, you should use multiple private keys if you have access to a reasonable quantity of servers.

When logging in to a server, the SSH client on your computer requests the public key for the account you’re trying to log in to and checks to see if your private key is compatible with that one. This works because Math.

Generating a key pair

Open your terminal of choice
Paste in the following command with an email of your choice
```
ssh-keygen -t ed25519 -C "your_email@example.com"
```
This creates an SSH key pair, using your email as a label. You should see the following output
```
Generating public/private ed25519 key pair.
```
When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location, which is in the .ssh directory in your home directory.
Optionally enter a password when prompted.

As before, if someone gains access to your computer, they also gain access to every system that uses that key. To add an extra layer of security, you can add a passphrase to your SSH key.

Adding your keys to `ssh-agent`

You can use ssh-agent to securely save your passphrase so you don’t have to reenter it. You can find further guidance on this here.

Adding your key to the server

You now need to add your public key to one of our servers. Since all of our user-facing server share file systems, you only need to do this once.

A handy utility exists for this:

ssh-copy-id -i ~/.ssh/mykey spqr2@pip.srcf.net

More useful information on that here.

If that doesn’t work, you can always upload your public key to the server as you would a normal file. Your public keys should go in the ~/.ssh/authorized_keys file, separated by line breaks (press “enter”).

Make sure you upload your public key, not your private key. To check, you can always open the file in question and if it contains something like the following then you know it’s the private key.

-----BEGIN PRIVATE KEY-----
BASE64 ENCODED DATA
-----END PRIVATE KEY-----

Logging in

With your SSH keys in place, you should now be able to ssh sqpr2@pip.srcf.net without being prompted for your password!

You can even make this process simpler by setting up an SSH configuration file, to, for example, be able to type ssh srcf-webserver and log into the web server!

Closing remarks

Did you like this or find this cool? We invite you to check out more tutorials or get in touch to tell us what you thought!

If you have any suggestions for how we could improve this documentation please send us an email at support@srcf.net or submit a Pull Request on GitHub!

Last modified on Tuesday Jan 17, 2023 by Lewis Jones