Afdrukken

How to passwordless ssh root login to ubuntu 22.04

Details
Hits: 1087

NOT recommended, i know, but needed to run a automated update script from one server to another. So here's how, because even ChatGPT doesn't know the correct answer right away... 

On the 'target' machine:

Connect to your Ubuntu 22.04 machine via SSH as a user with sudo privileges.

Open the sshd_config file using your preferred text editor:

sudo nano /etc/ssh/sshd_config

Locate the following line and change its value to "yes":

PermitRootLogin yes

This will allow root login via SSH.

Next, add the following two lines to the end of the file:

AuthenticationMethods publickey #Here chatGPT goes wrong! With this option password-login will be disabled, so you can not copy the key anymore. And if you use password login to login as normal user? That does also NOT work anymore. So bad idea. (for me.) The line below is okay:
PubkeyAuthentication yes

Restart the SSH service for the changes to take effect:

sudo service ssh restart

Next, you need to set a temporary root password, because otherwise the copy-id action (below) will fail.

sudo passwd
[sudo] password for linuxconfig:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

On the source machine:

First check on your local machine if the account that you want use to connect has already a SSH key pair:

ls ~/.ssh
id_rsa id_rsa.pub known_hosts   

If there is not a id_rsa and a id_rsa.pub then enter the following command: ssh-keygen

Copy the public key to the Ubuntu target machine:

ssh-copy-id root@<your-server-ip>

Enter the (just created) root user's password for the first and the last time!

This will add the public key to the root user's authorized_keys file, which will allow passwordless SSH login.

Test the login by connecting to your Ubuntu machine as root:

ssh root@<your-server-ip>

If everything works correctly, you should now be logged in as root without needing to enter a password.

Back to the target Machine:

Reset the root password: If you want to remove the root password completely, run the following command:

sudo passwd -d root
passwd: password expiry information changed.

This will delete the root password, effectively making the root account passwordless. This means that you can not login with root@ssh because ssh does not allow that. :-)

When this is done, all is set to login remotely as root user with Public Key Authentication.

Have fun with that!