Configure SSH For Password-less Connections

Preamble

I’m slightly embarrassed to admit this, but it was a long time before I figured out how amazing this little file is and how exactly to put it to good use. The file I’m talking about is the SSH config file. By default, when you first connect to a server via SSH, you need to provide 3 things:

 

1. username
2. destination (domain name or IP address)
3. authentication

 

And typically, if you don’t have a custom SSH config file set up, you’ll be prompted for a password. And depending on the administrator or owner of the server, that password can be pretty complex and annoying to enter every single time you want to connect. This is especially annoying if the server kicks you for inactivity every 10 minutes or so (because I’m writing code or researching while I have an open SSH connection). In some special scenarios that annoyance can compound to the point of impracticality. For example, in situations where you need to push a codebase to multiple destinations.

Generate SSH Key Pair

In order to alliviate our password pain point, we’re essentially going to automate step 3, authentication. And instead of providing a password, we’re going to use an SSH key pair. But before we can do that, we’ll need to generate one. To do this, we’ll be using a command line tool called ssh-keygen ssh-keygen uses a few cryptographic algorithms in order to generate your key pairs. Entire college courses can be written and taken on the subject of cryptography, but for the sake of brevity, rsa is one you’ll see around a lot, it’s pretty common, but becoming less recommended. If your server supports it, from what I understand, it’s best to go with something like ed25519. To generate your SSH key pair, run the following: ssh-keygen -t ed25519 -f ~/.ssh/filename The -t flag allows you to choose the type of key to be generated, while the -f flag allows you to set the filename of the resulting key.

Upload Public Key

Depending on your hosting provider, the upload procedure may be different for different hosts, but the important thing is to only upload your public key. Typically, in various technical documentations, they’ll suggest cating out the contents of your public key with something like cat ~/.ssh/filename.pub. And yes, if it’s in your hosting providers official documentation, I’d recommend going with that. However, I did want to make note of a pretty cool tool I discovered while researching this.

In some situations, you’ll need to copy the public key manually to a specific location on the server your trying to access called authorized_keys. This is a special authorization file that stores login credentials for specific users. So in this case, an easier technique than copy/pasting from your public key into the authorized_keys file (which you can still do) is use the ssh-copy-id command like so: ssh-copy-id -i ~/.ssh/filename.pub user@remoteserver The -i flag designates an input file (public key) and the final argument is the ssh connection you want to set up, so user@host. This will automatically copy the contents of the public key and paste it into the authorized_keys file! Be sure to connect after running this command and confirm the correct key is in authorized_keys

Create or Edit your SSH Config File

While, yes, technically you can call it quits after your public key is server-side, and you can connect without using a password. But this is still kinda annoying if your hostname is super long. How wants to type ssh user-2flis9vgsdf@9v0asdles.hostname.io just to connect without a password? Who can even remember that? This is where the config file becomes your best friend.

If you don’t have an SSH config file (you’ll probably know if you do or not. If you have one, you likely created it yourself). Either way, you can check if a config file exists by listing the contents of your .ssh directory like ls ~/.ssh. If you see a file named config, then you have one. Otherwise, you can create one with touch ~/.ssh/config and open it with your favorite text editor.

Using our example above, let’s create a config for ssh user-2flis9vgsdf@9v0asdles.hostname.io and let’s assume we generated an ssh key for this host that’s called hostname.

So what’s going on here? Basically, what we’ve done is create an alias for the example connection. So now, instead of typing ssh user-2flis9vgsdf@9v0asdles.hostname.io, all we have to do is type ssh hostname-staging and boom. That’s it. You’re connected. No passwords. No hassle. One-time setup that makes future connections easy and fast.