SSH Login to a Server Without a Password
There is another way to login to a Linux / Ubuntu server other than the usual entering a password. It is known as Key Authentication, which is actually more secure than using a password to login to a server.
Another nice advantage to using Authentication keys instead of passwords is that often times several servers have different passwords. Remembering them all can be cumbersome. Additionally, its also a good idea to change your passwords often.
Good system admin’s require it, and set up their servers for force password changes. Using Key Authentication instead of a password to login eliminates the hassle of remembering lost of passwords.
The way Key Authentication works is there are two keys. A public key that you can freely share, or upload to a server, and a private key, which you keep secret, and don’t share with anyone, or any other server. These keys are a large number with special mathematical properties that are impossible to bypass or guess without both the private and public key.
Keys are located in the .ssh/authorized_keys file that you are logging into. If you are interested in a more detailed explanation of how keys work, here is a good Wikipedia link on keys.
There are several types of encryption algorithms such as DES, AES, DSA, and RSA. The one that is typically used for logging in to a server without a password is the RSA method. That is the method being described in this post.
SSH can use either “RSA” (Rivest-Shamir-Adleman) or “DSA” (“Digital Signature Algorithm”) keys. Both of these were considered state-of-the-art algorithms when SSH was invented, but DSA has come to be seen as less secure in recent years. RSA is the only recommended choice for new keys, so this guide uses “RSA key” and “SSH key” interchangeably.
There are several ways these keys can be used for passing data across the internet. But for the purposes of this article, I am only going to discuss how to set up Key Authentication so you can login to a Linux server without using a password. This is used quite often when running automated backups so the backup server can automatically login in a secure manner.