SSH public key - Login without password

SSH is the leading solution for securily logging into servers.

Many products use SSH in the background: git, rsync, ansible...

Public key authentication is quite convenient. You don't need to type your password for every 'git push' or 'ansible-playbook'. Use correctly, it can also make your server more secure.

This example is written for Debian 13-trixie.

Draft: This article has commands written from memory. It has not gone trough quality assuarance and testing yet.

Install SSH

Install the OpenSSH-server package

$ sudo apt-get update
$ sudo apt-get -y install ssh

Make SSH daemon start on boot (enable) and also start it now (--now)

$ sudo systemctl enable --now ssh

Test SSH

Normally, you would say user@host, such as tero@example.com. Here, we can leave out username, as it's the same on both machines.

$ ssh localhost

With 'w', you can see yourself logged in twice: once on the desktop, once trough ssh.

remote$ exit

Automatic login with SSH public key

Generate a keypair

$ ssh-keygen	# enter enter enter to accept the defaults

If you already have a keypair, don't overwrite it. The public key ($HOME/.ssh/id_*.pub) is literally public, you can use the same public key in all hosts. The public key ends with ".pub".

If you need the public key for VPS (virtual private server) provider, you can see and copy-paste your keys with 'head $HOME/.ssh/id*.pub'.

Copy it to hosts where you can already log in.

$ ssh-copy-id localhost

Once you've entered your password for the last time, ssh-copy-id adds your public key into .ssh/authorized_keys on the remote machine. Now your key is authorized for logins.

Your public key is used automatically

$ ssh localhost

Did you log in without giving your password?

Well done, you've now automated login with SSH public keys.

Troubleshooting

Here are some helpfull troubleshooting commands.

Client side:

$ ssh -v localhost

Server side:

$ sudo journalctl --follow
$ sudo systemctl status ssh