How to Configure SSH Passwordless Login on openSUSE 15.3

One of the well-known and generally accepted OpenSSH best security practices is to configure and use public key authentication a.k.a passwordless authentication. Although this approach is fundamentally for security, on a lighter note, it also allows for ease of use because of not having to type a password every time you attempt to log on to your server.

This guide will walk you through the required steps to configure SSH passwordless authentication as well as disable password authentication on openSUSE 15.3.

Testing Environment:

  • Local Ubuntu with ssh client – 192.168.56.1
  • Remote openSUSE 15.3 server – 192.168.56.101

Step 1: Generate SSH Public/Private Key Pair

To create the key pair, use the ssh-keygen command with the -t flag to specify the key type. If used without any arguments, a 2048-bit RSA key will be generated. By default, the private key will be stored under the ~/.ssh/id_rsa directory and the public key under ~/.ssh/id_rsa.pub.

Note that you can generate a key pair with a custom name. Additionally, if you intend to use the key pair for interactive login, you can set a passphrase (synonymous with a password for accessing and using the key) while generating the key pair.

$ ssh-keygen
Generate SSH Key Pair
Generate SSH Key Pair

Now confirm that the key pair has been generated under the ~/.ssh directory using the ls command as shown.

$ ls -la .ssh/my_key*
Confirm SSH Key Pair
Confirm SSH Key Pair

Step 2: Upload SSH Key to Remote openSUSE Server

Next, upload the public key to the remote openSUSE server using the ssh-copy-id command as follows. Use the -i flag to specify the path to the public key and enter your ssh password when prompted:

$ ssh-copy-id -i .ssh/my_key.pub [email protected]

Tip: If you get the “Received disconnect from 192.168.56.101 port 22:2: Too many authentication failures, Disconnected from 192.168.56.101 port 22” error, use the IdentitiesOnly=yes option as described in the following command.

$ ssh-copy-id -i .ssh/my_key.pub -o IdentitiesOnly=yes [email protected]
Copy SSH Key to Remote openSUSE
Copy SSH Key to Remote openSUSE

Step 3: Connect to openSUSE Without SSH Passwordless

Now verify remote passwordless login to the openSUSE server. Try to log on with your private key as follows. Enter your passphrase whenever you are prompted to provide it.

$ ssh -i .ssh/my_key [email protected]
Connect to openSUSE Without SSH Password
Connect to openSUSE Without SSH Password

Step 4: Disable SSH Password Authentication

Caution: Ensure that you have set up and successfully tested passwordless authentication before disabling password authentication, otherwise you risk locking yourself out of the openSUSE server.

To disable password authentication, make sure the PasswordAuthentication and ChallangeResponseAuthentication configuration directives are set to no and UsePAM is set to yes as shown in the following screenshot.

Disable SSH Password Authentication
Disable SSH Password Authentication

Save the recent settings and restart the sshd daemon/service as shown.

$ sudo systemctl restart sshd

From now on, any user on the openSUSE server who tries to log on with password authentication will encounter the error shown in the following screenshot.

SSH Permission Denied Error
SSH Permission Denied Error

That’s all for now. To seek more information about this subject, reach us via the feedback form below.

Posted by Contributor