How to configure passwordless login in Mac OS X and Linux

 

Overview

This article walks through configuring your website user's SSH connection to your DreamHost server so you will no longer have to enter your password.

Background

Once you set up a shell user and try to log in via SSH, you'll find you must enter your password each time. If you’d like to avoid entering your password every time, you can set up Passwordless Login. This way, you'll be able to automatically log in immediately without needing to enter your password.

How to configure passwordless login

The following instructions configure Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.

In this article, username@server.dreamhost.com is used as the login example.

Additionally, you can use the default key name of id_ed25519 or create a custom key name. Make sure you use the key name you choose in Step #3 throughout the remaining steps.

 

Configuring a shell user

See this article for instructions on changing your website user to an SSH (shell user) in your panel. This is required to run the SSH commands in this article.

Creating the .ssh directory on your server (DreamHost server)

This step confirms if the .ssh directory already exists on your DreamHost server, which is needed to copy your local SSH key to your server.

Log into your server via SSH and run the following commands to confirm the ~/.ssh directory exists under your username.

[server]$ cd ~
[server]$ ls -la | grep -F .ssh
  • If you see the .ssh directory listed, proceed with the next step.
  • If you do not see it, run the following command to create this directory:
    [server]$ mkdir ~/.ssh

Generating the key pair (home computer)

On your home computer:

  1. Open an SSH terminal.
  2. Generate an ed25519 key pair using ssh-keygen under your username:
    [local]$ ssh-keygen -t ed25519
    Generating a public/private ed25519 key pair.
    Enter the file in which you wish to save the key (i.e., /Users/username/.ssh/id_ed25519):
    

    Custom key name

    If you press Enter, the key will be created with the default name of id_ed25519.

    You can name this anything you like, but if you choose a custom name, you'll need to let your SSH client know about the new key name in Step #6 below. Also, if you choose to use a custom name, make sure to specify the full path to your user's .ssh directory. If you do not, the new key pair is created in the directory where you're running the command. For example:

    [local]$ ssh-keygen -t ed25519
    Generating a public/private ed25519 key pair.
    Enter the file in which you wish to save the key (i.e., /Users/username/.ssh/id_ed25519): /Users/username/.ssh/customkey_ed25519
    
  3. Proceed through the prompts that appear.
    Enter a passphrase (leave empty for no passphrase).

    You do not need to enter a passphrase, but it's highly recommended as it protects your private key if it is compromised: someone would still need your passphrase in order to unlock it. The exception to this is if you're running an automated process such as a cron job. You should then leave the passphrase out. From ssh-copy-id:

    "Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes."
  4. Press Enter to continue.
    Enter same passphrase again:
  5. Press Enter to continue.
    The following message appears:
    Your identification has been saved in /Users/username/.ssh/customkey_ed25519
    Your public key has been saved in /Users/username/.ssh/customkey_ed25519.pub
    The key fingerprint is:
    SHA256:7pNvrznUREXWY2r1otEwUWo40aKfZDFsUVDac3YuzrI
    The key's randomart image is:
    +--[ED25519 256]--+
    |            o+*+=|
    |             X..o|
    |            @.= +|
    |           o #.* |
    |        Q o @oB o|
    |       .   *.C.+ |
    |        ..S.+    |
    |       .o . .o   |
    |        .+..+.   |
    +----[SHA256]-----+
    

Copying the public key to your DreamHost server (home computer)

  1. Run the following command to copy the public key on your local computer to DreamHost's server.
    [local]$ cat ~/.ssh/id_ed25519.pub | ssh username@server.dreamhost.com "cat >> ~/.ssh/authorized_keys"
    
    This command responds with the following:
    The authenticity of host 'server.dreamhost.com' can't be established.
    ED25519 key fingerprint is SHA256:dhw3mJELPEz0i5Hzu/9lJR9FiJkK5EtiiPKAw/0zwuU.
    Are you sure you want to continue connecting (yes/no)? yes
    
  2. Confirm the fingerprint in your panel on the SSH Keys page.
  3. Type out the word yes to continue.
  4. Enter your SSH user's password when prompted.

The commands above create a new file named authorized_keys under your DreamHost user in the ~/.ssh directory.

Update the directory and file permissions (DreamHost server)

You must now update the permissions for the .ssh directory and authorized_keys file to further secure your keys.

Log into your server via SSH and run the following commands: 

[server]$ chmod 700 ~/.ssh
[server]$ chmod 600 ~/.ssh/authorized_keys
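
The server-side steps above (create ~/.ssh, append the public key, set the permissions) can be combined into one repeatable script. The following is an added example, not DreamHost's own code; the function names install_pubkey and check_ssh_perms are hypothetical, and it assumes the .pub file has already been copied to the server. Unlike a plain cat >>, it does not add the same key twice, and it creates the directory and file with restrictive permissions from the start.

```shell
# Added example: idempotent form of the server-side steps in this article.
# install_pubkey PUBKEY_FILE [HOME_DIR]  (hypothetical helper name)
install_pubkey() {
    pubkey_file=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A public key file is a single line: "<type> <base64> [comment]".
    key_line=$(head -n 1 "$pubkey_file")
    case $key_line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file does not look like an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create the directory and file with restrictive modes from the start,
    # instead of creating them group/world-readable and fixing them later.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # -x matches the whole line, -F treats the key as a fixed string.
    if ! grep -qxF -- "$key_line" "$auth"; then
        # If the file does not end in a newline, add one so the new key
        # starts on its own line and does not corrupt the previous entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$key_line" >> "$auth"
    fi
}

# check_ssh_perms [HOME_DIR]  (hypothetical helper name)
# Succeeds only when .ssh is drwx------ and authorized_keys is -rw-------.
check_ssh_perms() {
    home_dir=${1:-$HOME}
    # cut -c1-10 drops the ACL/xattr marker some systems append to the mode.
    dir_mode=$(ls -ld "$home_dir/.ssh" 2>/dev/null | cut -c1-10)
    file_mode=$(ls -l "$home_dir/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$dir_mode" = "drwx------" ] && [ "$file_mode" = "-rw-------" ]
}
```

Running install_pubkey with the path to the copied .pub file, then check_ssh_perms, leaves the account in the same state as the manual commands, and can be re-run safely.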

Adding your custom key to your ssh client (home computer)

This step is only necessary if you give your key a custom name in Step #3.1 above. You must then let your SSH client know what the new name is using ssh-agent.

  1. Run the following command to start ssh-agent. Make sure you use the backquote ` character and not a single quote – this backquote character is usually on the top left of your keyboard on the tilde ~ key:
    [local]$ eval `ssh-agent`
    
  2. Run the following command to add your custom key.
    [local]$ ssh-add ~/.ssh/customkey_ed25519
    Identity added: /Users/username/.ssh/customkey_ed25519            
  3. Confirm it's been added by running the following. It will respond with your private key's fingerprint.
    [local]$ ssh-add -l
    256 SHA256:7pNvrznUREXWY2r1otEwUWo40aKfZDFsUVDac3YuzrI (ED25519)
  4. Confirm that fingerprint by generating a fingerprint from your custom key's public file.
    [local]$ ssh-keygen -l -f ~/.ssh/customkey_ed25519.pub
    256 SHA256:7pNvrznUREXWY2r1otEwUWo40aKfZDFsUVDac3YuzrI (ED25519)

Confirming the SSH connection (home computer)

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Try logging in again.

[local]$ ssh username@server.dreamhost.com

You should now be able to log in without using a password.

Specifying a key pair for SSH to use

By default, your client will use the identity (private key) named id_ed25519. However, if you've created more than one key, you can specify which one to use when connecting using the -i flag. For example:

[local]$ ssh -i ~/.ssh/customkey_ed25519 username@server.dreamhost.com
