1Problem

I want to connect to my remote server without typing a password every time. Right now, I have to enter the password or manually attach a key file, and it is annoying, slow, and easy to mess up. I just need a secure method that works automatically and lets me log in without any extra steps.

Assumptions:

• Remote server is accessible from your client machine (publicly or within network).
• Both client and server (remote) machines have SSH installed and running, and SSH port is open.

2Background

We’ll use SSH to connect from our local machine to our remote server. SSH does a lot behind the scenes, but we only need to understand a couple of important parts. Let’s look at those first.

2.1What is SSH (Secure Shell)

A cryptographic network protocol that enables encrypted communication and access between machines.

SSH operates in a client-server model. On a typical Linux system, SSH comes in two parts:

• ssh – The SSH client you use to connect to other machines.
• sshd – The SSH server that runs as a service on a machine and listens for incoming connections, usually on TCP port 22.

sudo apt update
sudo apt install openssh-client   # SSH client
sudo apt install openssh-server   # SSH server

2.2How SSH Connection Is Established ?

Following is the broad overview of how SSH connection works,

1. Client initiates the connection ssh john@192.0.2.10
2. Client verifies server’s identity
   • The client checks the server’s key against known_hosts.
   • If it’s the first time connecting, you get a warning and can choose to trust/save the server’s key.
3. Server verifies client’s identity
   • For key-based login, the server sends a challenge. For password-based login it sends the password over encrypted channel.
   • The client signs the challenge with its private key (which never leaves the device).
   • The server verifies the signature using the public key in authorized_keys (or falls back to password authentication).
4. Secure session established
   • All communication is encrypted.

3Implementation

There are multiple ways we can setup SSH connection to be made, we will discuss those here

3.1Vanilla SSH Connection

You can connect your client machine to another remote machine with a working network connection using the following SSH command:

# user@ip_address (of the remote machine with the SSH server running)
# `-p 22` specifies the port to connect to, it is optional if ssh running on default port
ssh -p 22 john@192.0.2.10``

The above command will prompt for the password of user john on the remote machine, which has the IP address 192.0.2.10 and an SSH server running on port 22.

Note: The above command will ask for password (if password authentication enabled) every time you try to connect to your remote machine.

3.2Connection Using SSH Key Pairs

To avoid entering your password every time you connect, you can use SSH key pairs (private and public keys) to set up the SSH connection.

3.2.1How to generate SSH key pairs ?

# ssh-keygen is a utility to generate SSH keys
# `-t ed25519` → high-performance elliptic curve digital signature algorithm
# `-f mykey` → name of the key files will be `mykey`
# `-N ""` → key with no passphrase
ssh-keygen -t ed25519 -f mykey -C "comment_for_key" -N ""

Running the above command will generate two files in your current directory:

• mykey your private key. Never share this, it serves as your identity.
• mykey.pub your public key. This should be copied to the remote machine and stored in the file ~/.ssh/authorized_keys.

3.2.2Manually copying your public key to remote server ?

To copy your public to server needs following steps to be done.

1. Open the public key cat mykey.pub and copy its content.
2. Log in to the remote server using a password.
3. Paste the copied public key from local machine into ~/.ssh/authorized_keys on the server (create the file if it doesn’t exist)

# LOCAL MACHINE #
# Open the public key `cat mykey.pub` and copy its content.
cat mykey.pub

# REMOTE MACHINE #
# Log in to the remote server using a password.

# Paste the copied public key from local machine into `~/.ssh/authorized_keys` on the server
mkdir -p ~/.ssh 
echo "paste-your-public-key-here" >> ~/.ssh/authorized_keys

# Must do permission settings
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

3.2.3Copying Your Public Key To Remote Server Using ssh-copy-id?

We can use a utility which comes by default with openssh-client package for copying our public key to remote server.

# `-i <public_key.pub>` identity file
ssh-copy-id -i mykey.pub john@192.0.2.10

3.2.4How To Use SSH Key Pairs For Connection

Once keys are generated and public key is placed on the remote server. We can use the following command to connect to the remote server.

# `-i mykey` specifies the identity (private) key from your local machine
ssh -i mykey john@192.0.2.10
# The above command will not prompt for a password if you generated the key with -N "" (i.e., no passphrase).

The above command will not prompt for a password if you generated the key with -N "" (no passphrase).

3.3Automatic SSH Authentication Setup

In both the Vanilla SSH Connection and Connecting Using SSH Key Pairs methods described above, every time you connect you need to provide some kind of credential, either a password or a private key. But what if you do not want to keep typing these credentials and spend my brainpower on it?

3.3.1Using ssh-agent

To automate providing your private key from the client to the server on connection, one way is to use ssh-agent, which comes bundled with the OpenSSH client by default.

When you add a key to ssh-agent it keeps your keys in memory and automatically provides the matching key when you try to connect to a server.

You can add your private key to ssh-agent in following way,

# This command **starts the ssh-agent in the background** and sets up your shell to communicate with it.
eval "$(ssh-agent -s)"

# private key on local machine
ssh-add mykey 

# ssh agent will provide the key for this connection
ssh john@192.0.2.10

Note: A key (private) added to ssh-agent only lives for the current session. After logout or reboot, you need to add it again to ssh-agent.

3.3.2Utilizing the SSH Configuration File

But what if you want to simplify your SSH authentication and avoid typing your username, host, or private key every time you connect? One way is to use the SSH configuration file, which by default lives at ~/.ssh/config.

You can give a name to an SSH connection and specify all its related settings. Then, you can connect using the connection name instead of the username and IP address. This also helps hide the username and host details when connecting in public.

Here is an example of setting up automatic authentication using the SSH configuration file:

Host embedded_device_10
    HostName 192.0.2.10
    User john
    Port 22

    # Path to your private key
    IdentityFile ~/.ssh/mykey

After naming an SSH connection and providing all its essential details and credentials, you can simply connect to it using the following command:

ssh embedded_device_10

Note: Using the SSH config file simplifies the process, but if your private key has a passphrase, you will still need to use ssh-agent or some other method to avoid entering the passphrase every session.