This guide shows how to disable password-based SSH login for the root user and set up identity-file (key) based SSH authentication, the way AWS and HP Cloud let you log in. If you are using VPSDime, you get this option while reinstalling the OS. Still, many web hosts deliver SSH login through the root user account. This is a security risk, since any attacker can easily guess the username root and run a dictionary-based attack; attackers have several methods for logging in through the root account.
Using fail2ban certainly reduces the risk, but for several reasons we want to enable this key-based login system. We need to perform a few steps so that we can log in to a non-root user account in the sudoers group using a key file as identification. After a successful login, we run the sudo su command to gain root privileges.
Create a non-root User and Disable SSH Login of the root User
SSH as root user and add a new user with the command:
adduser example-name
example-name is just a placeholder. You can replace it with any username you wish: harry, joe, krishna, etc. The adduser command creates the new user, plus a group and a home directory for that user.
After running this command, you’ll be asked for a password and some questions.
You may get an error message that you have insufficient privileges (this typically only happens for non-root users). The system adds the new user and then prompts you to enter a password. Enter a secure password, then retype it to confirm. You can now SSH to the server with this username and password, but you will not have root privileges. For that, add the new user to the sudo group:
usermod -aG sudo example-name
Now open a new terminal window and try to SSH with this username. After logging in, type sudo su and check whether you can run commands just like the root user. If you can, move to the next step. Open the SSH configuration file while logged in as this user, and do not keep any SSH session open from the root user account:
nano /etc/ssh/sshd_config
Find the PermitRootLogin line and set it to no. Usually this is the last line of the file:
...
PermitRootLogin no
...
Restart the service:
service sshd restart
Now you’ll be unable to SSH as the root user. This is already more secure, but we will make the system more secure still.
Setup SSH Login with Key File
Log in as this newly created user. You can run sudo su to confirm you have root privileges, but do not execute the following commands as the root user: run them as the new user, so that the key ends up in that user’s home directory:
mkdir -p ~/.ssh/pem
cd ~/.ssh/pem
ssh-keygen -b 2048 -f identity -t rsa

Do not work as the root user. (The screenshot above was cropped to avoid showing the username.)
Hit the Enter key to leave the passphrase empty. This generates two files in the pem directory (identity and identity.pub). Append the public key to authorized_keys:
cat identity.pub >> ~/.ssh/authorized_keys
Run cat on authorized_keys to verify the content. Now run cat on the private key:
cat ~/.ssh/pem/identity
This is the file you’ll use to SSH to the server. Do not lose it.
Highlight the content with your mouse and copy it. Paste it into a new text file on your local computer and save it as name.pem (the name can be anything you want). Save a copy in a private GitHub gist, Dropbox, etc. as a backup. For example, I have saved the file as name.pem on the computer from which I will SSH to this server. Set the permissions on your local copy of the PEM file:
sudo chmod 600 name.pem
First, test whether you can log in over SSH with this key:
ssh -i name.pem example-name@server-ip
It will ask you for a password. The next step is risky on a first-time deployment, since you can lose SSH access. So, SSH to your server from two other bash screens as well. There is always a way for the sysadmins at the datacenter to get you SSH access in any situation, but that takes time.
Disable password-based authentication:
nano /etc/ssh/sshd_config
Update PasswordAuthentication from “yes” to “no” as below:
...
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
...
Restart the SSH server:
sudo service ssh restart
Do not close any SSH session. Open a new bash screen on your local computer and run the SSH login command in this format:
ssh -i name.pem example-name@server-ip
You may see this kind of error:
Permission denied (publickey).
That usually indicates a mistake while following the steps. This command is also important:
sudo chmod 600 name.pem
If the file permission changes, the authentication
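As an added example (not part of the original guide), the POSIX shell script below audits an sshd_config for the two directives this guide changes. sshd uses the first uncommented occurrence of a keyword, so a stray PermitRootLogin line above the one you edited silently wins; the constructed sample config shows that case. effective_value and audit_sshd_config are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not part of the original guide): audit an sshd_config for
# the two directives this guide changes. sshd honours the FIRST uncommented
# occurrence of a keyword, so a stray "PermitRootLogin yes" above the line
# you edited silently wins. Directives after a "Match" line are conditional
# and are ignored here. The sample config below is constructed.

# Print the effective (first top-level) value of a keyword; empty if unset.
effective_value() {
    # $1 = config file, $2 = keyword (sshd matches keywords case-insensitively)
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { in_match = 1 }       # start of a conditional block
        in_match { next }
        k == key { print $2; exit }         # first occurrence wins
    ' "$1"
}

# Return 0 only if both root login and password authentication are disabled.
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin)
    pw=$(effective_value "$1" PasswordAuthentication)
    status=0
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', want no"; status=1; }
    [ "$pw" = "no" ] || { echo "PasswordAuthentication is '${pw:-unset}', want no"; status=1; }
    return "$status"
}

# Constructed sample: the "PermitRootLogin no" added at the bottom, as in the
# guide, is ignored because an earlier uncommented line already sets it.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
Match User backup
    PermitRootLogin no
PermitRootLogin no
EOF

if audit_sshd_config "$SAMPLE_CFG"; then
    echo "sshd_config OK"
else
    echo "sshd_config needs fixing"
fi
```

Run it against /etc/ssh/sshd_config (as root) before restarting sshd to catch an earlier directive that would override your edit.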