Using ssh without a password involves encryption keys – a public key and a private key – to authenticate you. Those keys are usually stored in
~/.ssh/. Though they can go anywhere else, too - just have to tell ssh where to find them.
The contents of those keys are really simple, too. One of them is the text representation of large number, whose size is measured in bits – the number of digits in the number, if it was converted to binary. That is the private key.
For instance: I can create a new key really easily, with an empty password:
ssh-keygen -N '' -f demokey
That creates two files,
./demokey.pub. You want to share the public key, and keep the private one…private. The default names, which you should expect and use, are
id_rsa.pub. The private key looks like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
The public key is a lot shorter. In other scenarios, this one is used to encrypt things, while the private key is the only one that can decrypt them. The public key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVWs1VMCtg5LypQcVIZcq4jBgghEhYMm4Yf9WSNoDRPU9F7x47bQXe480+QfBVOG7gbhMWv5xd9fB3bqKQ4zU0nhyl4wlxxMrsNX66o4KHVkYrmJqfyYGxwIAqAifH92swNWFKJEPKDCkNd9k8VzhmkE3ZQ60p7kpP1jESD1uuaqRLsiZaAkAG8rZBMFrBPiqAkGQvo6IGmLW9NzpNh35ly6M9w3SrPye6nPUsA2rmjfufc/kOBbl9mgrAnCQ99zdK8BSlhbtYva1G6T1Ke+WtowVASb5QQzKLV9jKqkc0xnYy8I4ZLZtiSsdqhADQd3D33MXcZF8FV7mrU0Hv1BNZ <username here>@<hostname here>
Obviously, these are both generated just for this little explanation, and are of no value whatsoever otherwise.
There’s also another couple files that go in that
known_keys. We’re interested in the first one.
copy & paste
Ok, now we should be on the same page. Ideally, you should be at a linux computer, with your screen divided three ways between a terminal logged into your laptop, a terminal logged into your remote computer (that you want passwordless ssh on), and the words you’re reading now.
On the laptop: check to see if you’ve already got ssh keys generated in the default location, if not generate them, then open the public key and copy the contents, which will be moved (in a moment) over to the other computer.
If you see a file named id_rsa, you’re good. If you do not see that file, then run this command:
It will prompt you for a location - press enter to accept the default. It will ask you for a password - you don’t want one, press enter to give an empty password.
Now you have your keys. Open the public key:
Copy the contents.
On the terminal of the remote computer: you have it open at your laptop, right? You’ll need to log into the root account, then open up the
.ssh folder associated with the root account. Then paste the public key into the
authorized_keys file (told you we’d want that later) and done.
Get into the root account, then confirm.
The result of the second command should be “root”. If not, back up and make sure it is. Switch to the home folder of the root account.
Now open the
authorized_keys file and paste in the public key.
Save and close nano with
CTRL+X. You’re done! Try logging into the remote computer from the laptop with the public key you used, and it should put you right in without prompting.
Be aware, it is very dangerous to allow root ssh; no password is needed after that to modify anything. Of course, that also means it’s ideal for when you need to modify system files remotely, with a script.
the really easy alternative
Now that we’ve done the whole thing by hand, here’s the shortcut (do this from the laptop):
ssh-keygen # if you haven't already
ssh-copy-id root@<remote computer IP address>
Done. Note that this only works if you can log in to the root account with a password. In alpine linux, you can’t. Believe me, I tried.