Setting Up Password-less SSH Login

Setting Up Password-less SSH Login (on Server)

  1. Install and Enable SSH
sudo apt update && sudo apt install -y openssh-server
sudo systemctl enable --now ssh
  1. Check that SSH is running:
sudo systemctl status ssh
  1. Change SSH Port (Security Measure)

Open the SSH configuration file:

sudo vim /etc/ssh/sshd_config

Find and change the line:

#Port 22

To a custom port, e.g.:

Port 2222

Save and Exit:

Press ESC, then type:

:wq
  1. Restart SSH service to apply changes:
sudo systemctl restart ssh
  1. Configure Firewall (UFW)
sudo ufw allow <NEW_PORT>/tcp
sudo ufw reload

[!NOTE] An alternative command is with firewalld:

sudo firewall-cmd --add-port=<NEW_PORT>/tcp --permanent
sudo firewall-cmd --reload

Make sure the firewalld service is running with sudo systemctl enable --now firewalld.

Disable password authentication (OPTIONAL - Forces SSH key usage)

  1. Edit the SSH config:
sudo vim /etc/ssh/sshd_config

Set the following:

PasswordAuthentication no
PermitRootLogin no

Press ESC, then type:

:wq
  1. Restart SSH:
sudo systemctl restart ssh

Setting Up SSH Key-Based Authentication (on Local)

  1. Initialize agent:
eval "$(ssh-agent -s)"
  1. Set the desired SSH key (in case of multiple keys):
ssh-add /path/to/ssh/id_ed25519_<USER>
  1. Check the default key used:
ssh-add -l
  1. Add a config file for easy access:
nvim ~/.ssh/config

Add the following host block:

Host <HOST_NAME>
    HostName <RASPBERRY_IP>
    Port <NEW_PORT>
    User <RASPBERRY_USER>
    IdentityFile /path/to/ssh/id_ed25519

Save and Exit:

Press ESC, then type:

:wq
  1. Copy your public key to the Raspberry Pi:
ssh-copy-id -p <NEW_PORT> -i /path/to/ssh/id_ed25519 user@raspberrypi-ip
  1. Now you can log in without a password and without specifying the user or IP:
ssh <HOST_NAME>