Home / ubuntu / Questions / 115151
Accepted
Cerin
Asked: 2012-03-23 09:01:13 +0800 CST

How to set up passwordless SSH access for root user [duplicate]

  • 772

I need to configure a machine so software installation can be automated remotely via SSH. Following the wiki, I was able to setup SSH keys so my user can access the machine without a password, but I still need to manually enter my password when I use sudo, which obviously an automated process shouldn't have to do.

Although my /etc/ssh/sshd_config has PermitRootLogin yes, I can't seem to be able to log in as root, presumably because it's not a "real" account with a separate password.

How do I configure SSH keys, so a process can remotely log in as root on Ubuntu?

ssh

4 Answers

  1. Best Answer

    Part 1 : SSH key without a password

    To set up a passwordless SSH connection for the root user you need to have root access on the server. Easiest method is to temporarily allow root to log in over ssh via password. One way or another you need root access on the server to do this. If you do not have root access on the server, contact the server administrator for help.

    On the client (where you ssh FROM)

    First make a ssh key with no password. I highly suggest you give it a name rather then using the default 

    ssh-keygen -f foo

    The -f option specifies a file name, foo is an example, use whatever name you wish.

    When you are prompted for a password, just hit the enter key and you will generate a key with no password.

    Next you need to transfer the key to the server. Easiest method is to use ssh-copy-id . To do this you must temporarily allow root to ssh into the server.

    On the server (where you ssh TO)

    edit /etc/ssh/sshd_config

    sudo nano /etc/ssh/sshd_config

    Make sure you allow root to log in with the following syntax

    PasswordAuthentication yes
PermitRootLogin yes

    Restart the server

    sudo service ssh restart

    Set a root password, use a strong one

    sudo passwd

    On the client :

    From the client, Transfer the key to the server

    ssh-copy-id -i ~/.ssh/foo root@server

    change "foo" the the name of your key and enter your server root password when asked.

    Test the key

    ssh -i ~/.ssh/foo root@server

    Assuming it works, unset a root password and disable password login.

    On the server :

    sudo passwd -l root

    Edit /etc/ssh/sshd_config

    sudo nano `/etc/ssh/sshd_config`

    Change the following :

    PasswordAuthentication no
PermitRootLogin without-password

    Restart the server

    sudo service ssh restart

    On the client (Test):

    You should now be able to ssh in with your key without a password and you should not be able to ssh in as any user without a key.

    ssh -i ~/.ssh/foo root@server

    Part 2 : Running commands via sudo without entering a password

    You configure sudo to allow you to run commands without a password.

    This is answered here in two places:

    Of the two, I suggest allowing as few commands as possible (first answer) rather then all commands (second answer).

    • 71

  2. You are confusing two different things:

    passwordless log is used to make sure that people can't log into your system remotely by guessing your password. If you can ssh username@machine and connect without a password, this is set up correctly, and has nothing else to do with this.

    sudo is used to permit a normal user account to do something with super user permissions. This does require the user to type their password. This happens whether you are connected remotely (via passwordless or password-protected SSH) or are local on the machine. You are trying to set sudo to not ask for your password, which is not recommended, but you can learn how to do that via an answer like https://askubuntu.com/a/74083/6161

    Note to future readers of this answer:

    My above answer does not answer the original poster's actual question, it describes what you should do instead. If you really want to allow remote connections directly to the root account, you need to enable the root account (see my comment below). Again, let me say DO NOT allow remote remote log-ins to your root account.

    • 8

  3. Q. Login to remote host as root user using passwordless SSH (for example ssh root@remotehost_ip)

    A. In order to login to remote host as root user using passwordless SSH follow below steps.

    1st Step:
     First you have to share local user's public key with remote host root user's authorized_keys file. There are many ways to do so, here is one example.

    https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

    Or you can simply copy paste your public key content to remote host root user's authorized_keys file.

    2nd step:
     Configure ssh to permit passwordless login in remote host. Login to remote host and edit /etc/ssh/sshd_config file then restart ssh service. Do not forget to comment out "PermitRootLogin yes".

    #vim /etc/ssh/sshd_config
PermitRootLogin without-password
StrictModes no

#service ssh restart

    Comment out #PermitRootLogin yes

    3rd step:
     Test you connection from your local machine using user whose public key is shared earlier.

    $ssh root@remotehost_ip
    • 7

  4. PermitRootLogin controls whether the user named "root" (to be precise: any user with UID 0) is allowed to login. If you're logging as root, you do not need sudo to perform privileged tasks.

    On the other hand, if you to login on a user account and use sudo without a password, you must configure the sudoers file without having to fiddle with /etc/ssh/sshd_config. See How to make Ubuntu remember forever the password after the first time

    • 2