How to set up passwordless SSH access for root user

Part 1 : SSH key without a password

To set up a passwordless SSH connection for the root user you need to have root access on the server. Easiest method is to temporarily allow root to log in over ssh via password. One way or another you need root access on the server to do this. If you do not have root access on the server, contact the server administrator for help.

On the client (where you ssh FROM)

First make a ssh key with no password. I highly suggest you give it a name rather then using the default

ssh-keygen -f foo

The -f option specifies a file name, foo is an example, use whatever name you wish.

When you are prompted for a password, just hit the enter key and you will generate a key with no password.

Next you need to transfer the key to the server. Easiest method is to use ssh-copy-id . To do this you must temporarily allow root to ssh into the server.

On the server (where you ssh TO)

edit /etc/ssh/sshd_config

sudo nano /etc/ssh/sshd_config

Make sure you allow root to log in with the following syntax

PasswordAuthentication yes
PermitRootLogin yes

Restart the server

sudo service ssh restart

Set a root password, use a strong one

sudo passwd

On the client :

From the client, Transfer the key to the server

ssh-copy-id -i ~/.ssh/foo root@server

change "foo" the the name of your key and enter your server root password when asked.

Test the key

ssh -i ~/.ssh/foo root@server

Assuming it works, unset a root password and disable password login.

On the server :

sudo passwd -l root

Edit /etc/ssh/sshd_config

sudo nano `/etc/ssh/sshd_config`

Change the following :

PasswordAuthentication no
PermitRootLogin without-password

Restart the server

sudo service ssh restart

On the client (Test):

You should now be able to ssh in with your key without a password and you should not be able to ssh in as any user without a key.

ssh -i ~/.ssh/foo root@server

Part 2 : Running commands via sudo without entering a password

You configure sudo to allow you to run commands without a password.

This is answered here in two places:

  • How do I run specific sudo commands without a password?
  • How to run sudo command with no password?

Of the two, I suggest allowing as few commands as possible (first answer) rather then all commands (second answer).


You are confusing two different things:

passwordless log is used to make sure that people can't log into your system remotely by guessing your password. If you can ssh username@machine and connect without a password, this is set up correctly, and has nothing else to do with this.

sudo is used to permit a normal user account to do something with super user permissions. This does require the user to type their password. This happens whether you are connected remotely (via passwordless or password-protected SSH) or are local on the machine. You are trying to set sudo to not ask for your password, which is not recommended, but you can learn how to do that via an answer like https://askubuntu.com/a/74083/6161

Note to future readers of this answer:

My above answer does not answer the original poster's actual question, it describes what you should do instead. If you really want to allow remote connections directly to the root account, you need to enable the root account (see my comment below). Again, let me say DO NOT allow remote remote log-ins to your root account.


Q. Login to remote host as root user using passwordless SSH (for example ssh root@remotehost_ip)

A. In order to login to remote host as root user using passwordless SSH follow below steps.

1st Step:
First you have to share local user's public key with remote host root user's authorized_keys file. There are many ways to do so, here is one example.

https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2

Or you can simply copy paste your public key content to remote host root user's authorized_keys file.

2nd step:
Configure ssh to permit passwordless login in remote host. Login to remote host and edit /etc/ssh/sshd_config file then restart ssh service. Do not forget to comment out "PermitRootLogin yes".

#vim /etc/ssh/sshd_config
PermitRootLogin without-password
StrictModes no

#service ssh restart

Comment out #PermitRootLogin yes

3rd step:
Test you connection from your local machine using user whose public key is shared earlier.

$ssh root@remotehost_ip

Tags:

Ssh