Don't use a password. Generate a passphrase-less SSH key and push it to your VM.
If you already have an SSH key, you can skip this step…
Just hit Enter for the key and both passphrases:
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
Copy your keys to the target server:
$ ssh-copy-id id@server
id@server's password:
Now try logging into the machine, with ssh 'id@server', and check in:
  .ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
Note: If you don't have the .ssh dir and authorized_keys file, you need to create them first.
Finally, check to log in…
$ ssh id@server
id@server:~$
You may also want to look into using ssh-agent
if you want to try keeping your keys protected with a passphrase.
I needed to have rw for user only permissions on config. This fixed it.
chmod 600 ~/.ssh/config
As others have noted below, it could be the file owner. (upvote them!)
chown $USER ~/.ssh/config
If your whole folder has invalid permissions here's a table of possible permissions:
| Path | Permission |
| --- | --- |
| .ssh directory | 0700 (drwx------) |
| private keys (ex: id_rsa) | 0600 (-rw-------) |
| config | 0600 (-rw-------) |
| public keys (*.pub ex: id_rsa.pub) | 0644 (-rw-r--r--) |
| authorized_keys | 0644 (-rw-r--r--) |
| known_hosts | 0644 (-rw-r--r--) |
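The permission table above, turned into a check, as an added example that is not part of the original answer: it flags any entry that is more permissive than the table allows or that is not owned by the current user. The function names are hypothetical, and treating every file not listed in the table as a private key is an assumption.

```shell
#!/bin/sh
# Added example: flag entries in an .ssh directory that are more permissive
# than the table above allows, or that are not owned by the current user.

# Octal mode of a path: GNU stat first, BSD/macOS stat as a fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Maximum mode the table allows for a path.
max_mode() {
    if [ -d "$1" ]; then echo 700; return; fi
    case "$(basename "$1")" in
        *.pub|authorized_keys|known_hosts) echo 644 ;;
        *) echo 600 ;;  # config, and (assumption) any other file is a private key
    esac
}

# audit_ssh_dir DIR: print one line per problem; return 1 if any were found.
audit_ssh_dir() {
    dir=$1
    bad=0
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue                # unmatched glob in an empty directory
        if [ -L "$p" ]; then continue; fi      # symlink modes are not meaningful
        have=$(mode_of "$p")
        want=$(max_mode "$p")
        # Any permission bit set beyond the allowed mode is a finding;
        # a stricter mode (e.g. 600 on authorized_keys) passes.
        if [ $(( 0$have & ~0$want )) -ne 0 ]; then
            echo "TOO_OPEN $p: mode $have, table allows at most $want"
            bad=1
        fi
        if [ ! -O "$p" ]; then
            echo "WRONG_OWNER $p: not owned by the current user"
            bad=1
        fi
    done
    return "$bad"
}

# Run against a directory given on the command line, e.g. sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Each TOO_OPEN line can be cleared with the chmod value from the table, and each WRONG_OWNER line with the chown shown above.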
Best Answer
There are pros and cons for either pw or key-based authentication.
In some cases, for example, key-based authentication is less secure than password authentication. In other cases, it's pw-based that's less secure. In some cases, one is more convenient, in others, less.
It all boils down to this: When you do key-based authentication, you must secure your key with a passphrase. Unless you have ssh-agent running (ssh-agent frees you from entering your passphrase every time), you've gained nothing in terms of convenience. Security is disputable: the attack vector now shifted from the server to YOU, or your account, or your personal machine, (...) - those may or may not be easier to break.
Think outside of the box when deciding this. Whether you gain or lose in terms of security depends on the rest of your environment and other measures.
edit: Oh, just saw that you're talking about a home server. I was in the same situation, "password" or "USB stick with key on it" always with me? I went for the former but changed the SSH listening port to something different than 22. That stops all those lame script kiddies brute forcing whole network ranges.