# Linux/Mac Tutorial: SSH Key-Based Authentication - How to SSH Without a Password

## Метаданные

- **Канал:** Corey Schafer
- **YouTube:** https://www.youtube.com/watch?v=vpk_1gldOAE
- **Дата:** 02.08.2017
- **Длительность:** 15:45
- **Просмотры:** 323,959

## Описание

In this Linux/Mac terminal tutorial, we will be learning how to configure ssh keys so that we can login to our servers without a password. Not only is this more convenient, but it is also more secure. This also allows us to write automated scripts to talk to our servers without the need of putting in passwords constantly. Let's get started.

How to Create a Network of Machines in VirtualBox with SSH Access:
https://youtu.be/S7jD6nnYJy0


✅ Support My Channel Through Patreon:
https://www.patreon.com/coreyms

✅ Become a Channel Member:
https://www.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g/join

✅ One-Time Contribution Through PayPal:
https://goo.gl/649HFY

✅ Cryptocurrency Donations:
Bitcoin Wallet - 3MPH8oY2EAgbLVy7RBMinwcBntggi7qeG3
Ethereum Wallet - 0x151649418616068fB46C3598083817101d3bCD33
Litecoin Wallet - MPvEBY5fxGkmPQgocfJbxP6EmTo5UUXMot

✅ Corey's Public Amazon Wishlist
http://a.co/inIyro1

✅ Equipment I Use and Books I Recommend:
https://www.amazon.com/shop/coreyschafer

▶️ You Can Find Me On:
My Website - http://coreyms.com/
My Second Channel - https://www.youtube.com/c/coreymschafer
Facebook - https://www.facebook.com/CoreyMSchafer
Twitter - https://twitter.com/CoreyMSchafer
Instagram - https://www.instagram.com/coreymschafer/

#Linux #Mac

## Содержание

### [0:00](https://www.youtube.com/watch?v=vpk_1gldOAE) <Untitled Chapter 1>

Hey there. How's it going everybody? In this video, we'll be learning how to use keybased authentication instead of passwords in order to SSH into a machine. So, this is much more convenient and also more secure than using passwords. So, if you ever plan on doing any system administration work in the future, then you'll most likely spend a lot of time using the secure shell to log into different machines to do some work. And setting up keybased authentication not only saves time, but it's more secure and also allows you to automate tasks more easily. Now, for this video, I'm going to assume that you currently have a machine that you can SSH into using a password. And if you don't currently have a machine that you can SSH into, but would like to follow along with this video, then you can

### [0:39](https://www.youtube.com/watch?v=vpk_1gldOAE&t=39s) setting up virtual machines within virtualbox

watch my video on setting up virtual machines within Virtual Box that you can access via SSH. So, let's go ahead and get started. I have uh two terminals pulled up right now. And on the left, I'm going to keep as my local machine, and on my right, I'm going to use as my remote machine. So I currently have a virtual machine running that I can SSH into but it requires that I enter a password every time. So for example I can say SSH corems that's the username on that machine and the IP address for this machine is 192. 168. 5600. So the first time we try to SSH in we'll have to say that we want to continue and then it'll ask us for our password just like it did there. And now we are in the machine. So, our goal is to be able to log into this machine without using a password. Now, I'm going to leave this remote machine logged in over here and leave this connection open while we're looking at how we can set up keybased authentication. So, what we're going to

### [1:36](https://www.youtube.com/watch?v=vpk_1gldOAE&t=96s) create a private key and a public key

do is we're going to create a private key and a public key. Now, the private key will live on our local machine and the public key is going to live on the machine that we'll be sshing into or the remote machine. So, when I first learned how to set up keybased authentication for SSH, I could never remember if it was the private or public key that I was supposed to push to the remote machine that I wanted to log into. So, just to say that again, it's the public key that we want to push to that remote machine that we'll be logging into. Now, you can remember this by thinking about the private key being on the machine that only you have access to, your private local machine, and the public uh key will be placed on the machine that you'll be trying to access. So to create

### [2:17](https://www.youtube.com/watch?v=vpk_1gldOAE&t=137s) create the public and private keys on our local machine

the public and private keys on our local machine, we're going to use the command ssh- keygen. Um now if you've looked this up online before like in GitHub or Lenode documentation or something like that, then you'll notice a lot of people recommend adding a - rsa-b 4096. Now, that - T option just means that we want to make sure that we're using RSA as the type of key. And the -B option just makes our keys a bit more secure. So, I'm going to go ahead and add that in. The default is 2048. And it's probably fine, but it's easy to bump this up, so we might as well do that. So, now let's go ahead and run this command. And it'll ask us where we want to save this. And we'll just keep that default location. And then it'll ask us

### [3:03](https://www.youtube.com/watch?v=vpk_1gldOAE&t=183s) insert a passphrase now

to insert a passphrase. Now, if you want more security or you're worried about someone getting access to your local

### [3:11](https://www.youtube.com/watch?v=vpk_1gldOAE&t=191s) put in a passphrase here

computer, then you can put in a passphrase here. But I'm just going to go ahead and leave this blank. So, now that key was created. So, now that we created those keys, we can n navigate to the directory where those were placed. And that was in our home directory in this. SSH directory. Now, if I list the files in this directory, then you can see that we have two keys here. ID_RSA is our private key and id_rsa. pub is our public key. So id_rsa. pub is the one that we want to copy over to our remote machine that we're going to be logging into. Now at this point, some people use a simple command called ssh-copy- ssh copy ID. But if you're on a Mac and don't have that command by default, first we're going to go ahead and go over how to do this manually, which isn't very difficult. And once we do it manually, then we'll also see how to do this with SSH copy ID. So, first let's do this manually. So, we still have our SSH connection open up on this machine over here to our right. And before I copy the key over to that remote machine, I'm first going to make sure that the machine has a SSH directory for me to place that file in. So I'm within my home folder over here on my local machine or in my remote machine. And if I do a pwd and you can see that my home directory on this remote machine is located at home-corems. Now if you're not within your home directory then you can just type in cd enter and it'll automatically take you there. So once you're in that home directory then let's create that ssh directory. We can do that with make dur. Ssh. And that will create our shssh

### [4:54](https://www.youtube.com/watch?v=vpk_1gldOAE&t=294s) create our dot ssh directory

directory. if it doesn't already exist. So now let's copy our public key over to that remote machine. Now to do this, I'm

### [5:02](https://www.youtube.com/watch?v=vpk_1gldOAE&t=302s) use the scp

going to use the SCP command. SCP is a way to copy files to a machine over SSH. Now this is somewhat of a long command, but to run this command, I'm just going to say SCP and then my home directory. SSH. That's where we placed those keys. And then the key that I want to com uh copy over is id_rsa. pub. pub. Now, that's the file that we want to copy over. So, now we'll put in a space. And now, where we want to copy it. So, we want to copy it to uh Corey MS192. 168. 56. 100. So, that is the username at the machine. And once we have that typed in, we're going to type in a colon here to specify where in that machine we want to place this file. in /home/corems, which is that user's home directory slash. s SSH, that's the one that we just created. And then slash. And now what we want to call this key when we move it over. So I'm just going to rename this to uploaded_key. pub. Now that's not necessary, but that's just one that I usually pick so that it stands out. So now if I hit enter, then it'll ask for our password because we haven't uh set up keybased authentication yet. So now I'll put in that password. So now that should have copied over. So if we come over to our local machine here and we do an ls on that SSH directory, then we can see that we have that uploaded key uh public key. So now that we have that key, let's append the contents of that file to a new file called authorized keys. Now this file doesn't currently exist, but it will create it when we append the key to that file. So to do this, we're just going to say cat and then the file that we want to cat is in our home folder. s SSH uploaded key. pub. And now this uh double carrots here will append to a file. And the file that we want to append to is the our home folder. SSH. And this is going to be called authorized_keys. Now, this is a file. It's not a directory. Um on Linux systems, files don't have to have a file extension. So, we're just going to leave it like this. And this appending right here will automatically create this file when we run this. So let's go ahead and run that. And now make sure that worked by typing in cat, which will print out uh the contents of the file. And we'll print out that authorized key file that we just created. And you can see here that it did append that public key information to that file. Okay. And now I'm just going to clear my screen so we can see a little bit better here. So now we should make sure that our permissions are set up correctly. Now if you don't know Linux permissions very well, then that will be a topic for another video, but in this video we will just set these permissions where they need to be. So our SSH folder should be set to 700 and the files within that folder should be set to 600. So we can set this by saying uh chmod 700 on our SSH folder. So we'll go ahead and run that. And now we want to do a chmod 600 with all of the files in that folder. So we're going to put an asterisk there to get all of the files. And we're setting those to 600. So I'll run that. Okay. So now if we did all of that correctly, then we should be able to SSH into our machine without a password. So now let's try this from our local machine. So let's do an SSH. We want to SSH in as CoreyMS at 192. 168. 56. 100. Okay, so awesome. That looked like it worked and that we were able to log in without a password. Um, so now that you have this set up to use keybased authentication, one last thing that you might want to do is maximize security by only allowing this kind of login and

### [9:00](https://www.youtube.com/watch?v=vpk_1gldOAE&t=540s) turning off password authentication

turning off password authentication altogether. So, this will require all users connect through SSH uh using this keybased authentication. So, this is a really quick change. So, let me show you how to do this really quick since we're already logged into that machine over here. Um, so what I'm going to do is I'm just going to use this console to change our SSH configuration to turn off password authentication. So, to do this, we need to edit our SSH config file. And on a Linux machine, that file is located at slashetcshd_config. Now, it's a good idea to always make a

### [9:36](https://www.youtube.com/watch?v=vpk_1gldOAE&t=576s) make a backup of configuration files

backup of configuration files before you change anything. So, first I'm going to do a sudo copy of that file. Now, it's located at cc ssh uh slssh sshd_config. So now to back this up, we'll just put it in that same folder, but we will give it a name of the same name but with a dot back uh to so that it's a backup file. And then we'll have to put in our password there. So now that we have a backup of that configuration file, now let's go ahead and just change the original file and turn off that password authentication. So I'm going to do a pseudo nano. You can use Vim if you want to use Vim. Uh but if you're not familiar with them, then Nano is an easier um uh editor for beginners. So let's go ahead and just run nano on that file. And what we want to find is the option that is password authentication. So if we scroll down here a bit until we find this. So it's right here. So there's a chance that this is going to be commented out. That's what this pound sign here is. So let's uncomment out that. And for password authentication, we instead want to set this equal to no. So now let's go ahead and save the file. So on nano, that's controll X and then a Y to save. Now you should have no problem finding that option in that file. But even if you don't find that, you can just add it in there. Um, so now that we've saved that, let's restart our SSH service uh for those changes to take place. And on Iuntu, we can do that by saying pseudo service ssh restart. Okay. And now with that change, that should prevent anyone uh from using regular pass passwords to log into that machine. And that's going to make it a lot more secure. Okay. So that is how you set up keybased authentication uh manually. But now let's see how to do it using the SSH copy ID command. Um so I have another terminal pulled up here. Now I have another machine that is um able to SSH into as well and it is at CoreyMS at192. 168. 56 and instead of 100 this one is at 101. Then we'll just go ahead and connect to

### [11:55](https://www.youtube.com/watch?v=vpk_1gldOAE&t=715s) connect to this machine

this machine regularly using our password. And once we're in I'll clear that. So now real quick, we're going to learn how we can use this SSH copy ID command to set up keybased authentication here on our second machine. Now this is considered a way easier approach than the one that I showed you how to do manually. But for some of you, you may not have access to this SSH copy ID command. So I wanted to show the way that would work for everyone first and then this easier method if it's available to you. So if you're on Linux, then you should already have SSH copy ID as a command. But if you're on Mac, then you can install this

### [12:31](https://www.youtube.com/watch?v=vpk_1gldOAE&t=751s) install this by using homebrew

by uh using Homebrew. And if you don't know what Homebrew is, basically it's just a package manager for the Mac. Now, I have the website for it pulled up right here. It's at httpsbw. sh. And it's super easy to install. And once you have that installed, then it's just as easy as saying brew install ssh-copy-

### [12:51](https://www.youtube.com/watch?v=vpk_1gldOAE&t=771s) install ssh-copy-id

and then you'll have that command available to you. Okay. So on our local machine, we already have that public and private key that were generated using that SSH key gen command and those were here inside of our SSH folder. Now we'll go ahead and reuse these to log in to

### [13:12](https://www.youtube.com/watch?v=vpk_1gldOAE&t=792s) login to the second machine without a password

the second machine without a password. So this is as simple as just typing the command SSH-C and then the machine that we want to log into. So our username and 1 192. 168. 56 and this one is 101. So let's go ahead and run that. Now even without specifying the key, that command should find our ID RSA public key for us. And when it does, it'll ask us for the password to our remote machine. So I'll go ahead and type in that password. And once that's finished, let's go ahead and try to SSH into that machine now. So, let's do an SSH uh Corey MS at192. 168. Okay, so that looked like it worked. So, we didn't have to create an SSH folder on our remote machine. We didn't have to manually copy the key over. We didn't have to mess with permissions or anything like that. So over here on our remote machine, if we just do an ls-la now there's a lot of files here but you can see uh right here we it created that SSH folder for us and it even set the correct permissions of 700 there. Now if I clear my screen and list the files within that folder then we can see that it created that authorized keys file for us and it has the permissions of 600 already and it put our public key inside of that file. So it did everything for us. Now that does do a lot of steps for you, but it doesn't change the SSH configuration like we mentioned before when we went into that configuration file. So if you want to disable password

### [14:46](https://www.youtube.com/watch?v=vpk_1gldOAE&t=886s) disable password login

login, then you would still need to do that manually at this point. Okay, so I think that is going to do it for this video. I hope that this was useful for anyone wanting to learn how to use SSH keybased authentication. Um, so it's really much more secure than regular passwords and also will be more convenient when running scripts that connect to these machines and things like that. But if anyone does have any questions about what we covered in this video, then feel free to ask in the comments section below and I'll do my best to answer those. And if you enjoy these tutorials and would like to support them, then there are several ways you can do that. The easiest way is to simply like the video and give it a thumbs up. And also, it's a huge help to share these videos with anyone who you think would find them useful. And if you have the means, you can contribute through Patreon, and there's a link to that page in the description section below. Be sure to subscribe for future videos, and thank you all for watching.

---
*Источник: https://ekstraktznaniy.ru/video/12567*