Passwordless SSH: Setup Guide for Linux

If you ever get tired of typing in your SSH password, we’ve got good news. It’s possible to configure public key authentication on Linux systems, which allows you to connect to a server through SSH, without using a password.

The best part is, using key authentication is actually more secure than typing in a password each time. This is in addition to being far more convenient. It also allows you to automate certain tasks, such as rsync scripts or other Bash scripts that utilize SSH, SCP, etc.

The process for setting up key authentication involves generating ed25519 keys on one system, then copying the key to a remote host. The ed25519 algorithm is the current standard for SSH keys, offering better security and performance than older RSA keys. This works on any Linux distribution and is a short and easy process. Follow along with the instructions below as we take you through the step by step guide to configure passwordless SSH on Linux.

In this tutorial you will learn:

• How to generate ed25519 SSH keys
• How to transfer keys to remote systems
• How to login with SSH without a password

Software Requirements and Linux Command Line Conventions

Category	Requirements, Conventions or Software Version Used
System	Any Linux distro
Software	OpenSSH 6.5 or higher
Other	Privileged access to your Linux system as root or via the sudo command.
Conventions	# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command $ – requires given linux commands to be executed as a regular non-privileged user

Configure SSH Login Without Password

Setting up passwordless SSH authentication is a straightforward three-step process. You’ll generate keys on your local system, copy them to the remote server, and then connect without needing a password.

1. Generate ed25519 keys: Start by opening a terminal and generating ed25519 keys on the system that you will be connecting from. The -t ed25519 option specifies the key type. Press Enter three times to accept the default file location and skip the passphrase for passwordless login.

   $ ssh-keygen -t ed25519

   You’ll see output confirming the key generation:

   

2. Copy key to remote system: Next, we copy our public key to the remote system by using the ssh-copy-id command. Specify your SSH username and the remote system’s hostname or IP address. You’ll be prompted for the SSH login password one last time.

   $ ssh-copy-id user@hostname

   The command will confirm successful installation:

   /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user/.ssh/id_ed25519.pub"
   /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s)
   /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed
   
   Number of key(s) added: 1
   
   Now try logging into the machine, with: "ssh 'user@hostname'"
   and check to make sure that only the key(s) you wanted were added.

3. Connect without password: Now that the key has been copied to the remote system, you can connect like usual, but without needing to provide a password anymore.

   $ ssh user@hostname

   You’ll be logged in immediately without any password prompt.

Why ed25519 Keys

This guide uses ed25519 keys, which are the current recommended standard for SSH authentication. They offer several advantages over older RSA keys:

• Better security: Equivalent protection to RSA-4096 keys with a much smaller key size
• Faster performance: Key generation and authentication are significantly quicker
• Smaller keys: ed25519 keys are only 68 characters compared to over 700 for RSA-4096
• Modern cryptography: Resistant to timing attacks and side-channel vulnerabilities

If you’re currently using RSA keys, consider migrating to ed25519. Check out our guide on migrating SSH keys from RSA to ed25519 for step-by-step instructions.

Managing Multiple Keys

If you need to use different keys for different servers, you can generate additional keys with custom names and manage them in your SSH config file.

1. Generate key with custom name: Create a key with a specific name for a particular server.

   $ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_workserver

2. Copy specific key: When copying the key, specify which one to use with the -i option.

   $ ssh-copy-id -i ~/.ssh/id_ed25519_workserver.pub user@workserver.com

3. Use SSH config file: Create or edit ~/.ssh/config to automatically use the correct key for each host.

   $ vi ~/.ssh/config

   Add an entry for your server:

   Host workserver
       HostName workserver.com
       User your-username
       IdentityFile ~/.ssh/id_ed25519_workserver

   Now you can simply connect with:

   $ ssh workserver

For more advanced SSH configuration options, check out our SSH config generator tool.

Key Maintenance

Your SSH keys will continue to work indefinitely, but there are a few situations where you may need to regenerate them.

To remove your public key from a remote server, connect to that server and edit the ~/.ssh/authorized_keys file:

$ ssh user@hostname
$ vi ~/.ssh/authorized_keys

Delete the line containing your key (it will start with ssh-ed25519), then save and exit.

Related Resources

• SSH command in Linux with examples – Complete SSH command reference
• Migrate SSH keys from RSA to ed25519 – Upgrade your existing keys
• SSH config generator – Simplify SSH configuration management
• SSH port forwarding – Create secure tunnels

Closing Thoughts

In this guide, we saw how to configure SSH login without a password on Linux using modern ed25519 keys. Not only does this save us keystrokes every time we have to login, but it also provides better security than password authentication and allows us to automate tasks with Bash scripts that utilize SSH login. The ed25519 algorithm ensures you’re using current cryptographic standards while enjoying the convenience of passwordless authentication.