How to set up passwordless SSH authentication

Passwordless SSH authentication avoids repeated username and password prompts when connecting to remote systems. Using keys instead of passwords reduces friction in daily administration, scripting, and automation tasks, especially when connecting to many servers throughout the day.

In a typical OpenSSH deployment, a private key remains on the local machine while the matching public key is stored in the remote account’s authorized_keys list under /home/user/.ssh. During connection, the client proves possession of the private key and the server verifies the corresponding public key, allowing login without any interactive password as long as PubkeyAuthentication is enabled.

Passwordless access assumes both the workstation and the private key files are tightly protected. Using a key without a passphrase maximizes convenience but increases risk if the system is compromised or file permissions are too loose, so strict protection of /home/user/.ssh, correct ownership, and backups of the key material are essential. The procedure below targets typical Linux systems using OpenSSH on both the client and the server.

1. Open a terminal on the local machine using the user account that will connect to the remote server.

   $ whoami
   user

2. Generate an SSH key pair if one does not already exist for this account.

   $ ssh-keygen -t ed25519
   Generating public/private ed25519 key pair.
   Enter file in which to save the key (/home/user/.ssh/id_ed25519):
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/user/.ssh/id_ed25519.
   Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
   ##### snipped #####

   Leave the passphrase empty if the key must be used non-interactively; consider a passphrase with ssh-agent when stronger protection is acceptable.

   A private key without a passphrase allows logins wherever it is authorized; loss or theft of the file grants immediate access until the key is removed from /home/user/.ssh/authorized_keys.

   Related: How to generate SSH key pairs

3. Ensure PubkeyAuthentication is enabled on the remote server’s sshd configuration.

   $ sudo grep -i PubkeyAuthentication /etc/ssh/sshd_config
   [sudo] password for user:
   PubkeyAuthentication yes

   Public key authentication is normally enabled by default; if no explicit line is present, OpenSSH usually behaves as though PubkeyAuthentication yes is set.

   Related: How to disable SSH public key authentication

4. Transfer the public key to the remote SSH server.

   $ ssh-copy-id user@remote-host
   /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
   /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
   user@remote-host's password:
   
   Number of key(s) added: 1
   
   Now try logging into the machine, with:   "ssh 'user@remote-host'"
   and check to make sure that only the key(s) you wanted were added.

   Related: How to copy an SSH public key to a server

5. Test the connection by logging in to the remote server.

   $ ssh user@remote-host
   Last login: Fri Jun 28 00:12:15 2019 from 192.168.111.135
   [user@remote-host ~]$

   Absence of a password prompt confirms successful passwordless login using the configured key.