12

I would to know how I can deactivate the login password on my Raspberry Pi? I need to login automatically after entering the following command on terminal:

ssh pi@<IP_address>

i.e., it should not ask for password to login.

techraf
  • 4,319
  • 10
  • 31
  • 42
sumith
  • 613
  • 2
  • 9
  • 17

2 Answers2

10

It is NOT recommended to disable the SSH password if your device is going to publicly available - for example connected to the internet with SSH port forwarder.

To disable SSH login authentication you need to edit some files:

  1. /etc/ssh/sshd_config
    • Edit that file
  2. PasswordAuthentication yes - ChallengeResponseAuthentication yes - UsePAM yes
    • find those lines and make sure they are no and have no # in front.

Restart SSHD or the Pi

If you get a message

Permission denied (publickey)

then set these in sshd_config to no,

RSAAuthentication yes

PubkeyAuthentication yes

Restart SSHD or the Pi

TIPS

In sshd_config you can add. So it will only ask root for password,

Match User !root
    PasswordAuthentication no

And then you add a new user with limited permissions.Always log in as that user and when you need to do something as root you can just use sudo "command" - enter the root password and it will do it and come back to your low privilege user.

  • To elevate into a root console from low privilege just type sudo enter your password. Once you are done type exit and you will drop back to the low privilege user.

  • Did I already say that removing root user password and ssh key login is a very bad idea on a device that will be publicly available. Never do this on a public device!

  • Here is a guide how to setup up private/public keys

Piotr Kula
  • 17,307
  • 6
  • 65
  • 104
  • 3
    Also the SSH keys is a popular way to avoid entering passwords and is much better than just removing / avoiding / bypassing your passwords. But I answered your specific question- I hope these other suggestions/answers will help you too. Thanks and Good luck! – Piotr Kula Nov 01 '12 at 13:45
  • Hi, I changed PasswordAuthentication yes in file sshd_config to PasswordAuthentication no. But when I restarted the pi and entered the following command ssh pi@(IP Address),it shows Permission denied (publickey). I tried to add new user then it shows error connection (ssh pi@IP address) refused. I would like to know ,Why? – sumith Nov 02 '12 at 05:47
  • Well it looks like the SSH keys kick after you disable the password. It is a redundant security feature of what gfelisberto is talking about... I added how to remove that- But again its not a good idea- but that is what your question is about and maybe others will need to the same for internal testing. – Piotr Kula Nov 02 '12 at 10:09
  • 1
    Ok,I agree with you. Its not a good idea.However I would like to do this for a testing purpose – sumith Nov 03 '12 at 06:04
  • Isn't it really sufficient to just use PasswordAuthentication no to disable password login? Is it really required to set also ChallengeResponseAuthentication no and UsePAM no ? – Grzegorz Wierzowiecki Feb 04 '17 at 08:03
  • @GrzegorzWierzowiecki Honestly, yes, I can't see why the other settings are needed since it becomes impossible to log in with a password simply by changing PasswordAuthentication to no. If there is a reason, though, it'd be good is someone could update the answer to explain. – Joseph Feb 17 '22 at 17:12
9

Instead of not using passwords what you need is SSH keys: SSH with authentication key instead of password.

After configuring key authentication you can then remove the password from the local (client) key and ssh pi@rasp will just work. But only from a machine that has the key.

esqew
  • 103
  • 4
gfelisberto
  • 260
  • 1
  • 6