Passwordless SSH login is becoming increasingly popular among software developers and IT professionals. With this authentication method, users can log into a remote server without entering a password every time.
In the previous article, we created an ed25519-sk SSH key pair on Windows 10. This article shows how to use that key pair, together with your Yubikey, for passwordless SSH login to a remote Linux VM/VPS.
Step 1: If you are not using Windows 10, you can create your public/private ed25519-sk key pair on Ubuntu 22.04 instead. In the terminal, type
ssh-keygen -t ed25519-sk -f securityKey
You may need to enter your security key PIN if you have set it up on Yubikey Manager.
Step 2: Copy the public key to the VM/VPS you want to log into with your Yubikey by
ssh-copy-id -i securityKey.pub user@server
Repeat Step 2 for each key if you have several Yubikeys.
Step 3: On the Ubuntu 22.04 VM/VPS that you want to log into with your Yubikey, install the required packages by
sudo apt update
sudo apt install net-tools openssh-server libpam-u2f libyubikey-udev git -y
Step 4: Z4yx develops a PAM-RSSH package for passwordless SSH login with a Yubikey. We need to install it manually.
git clone --recurse-submodule https://github.com/z4yx/pam_rssh.git
cd pam_rssh
sudo apt install cargo pkg-config libssl-dev libpam0g-dev -y
cargo build --release
sudo cp target/release/libpam_rssh.so /usr/local/lib/
Step 5: Edit /etc/sudoers on your Ubuntu VM/VPS.
sudo nano /etc/sudoers
Before the line use_pty, add
Defaults env_keep += "SSH_AUTH_SOCK"
Press Ctrl + X to save the file.
Step 6: Modify /etc/pam.d/sudo on your Ubuntu VM/VPS.
sudo nano /etc/pam.d/sudo
After the line @include common-auth, add
auth sufficient /usr/local/lib/libpam_rssh.so
Press Ctrl + X to save the file.
'sufficient' means it will fall back to traditional password login if your Yubikey is absent. You may change it to 'required' to ensure the Yubikey is present during authentication. However, it is safer not to set it to 'required' yet: if there are problems with the PAM_RSSH module during installation, you can still log back into your VM/VPS with a password.
Step 7: Create an SSH connection to your VM/VPS with your Yubikey using the command below. Replace your_username with your VM/VPS username and your_device_IP with your device IP.
ssh your_username@your_device_IP -i securityKey
In my case, it is
ssh [email protected] -i securityKey
On Windows 10, the authentication will be something like
After the authentication, you can control your VM/VPS through SSH. (Again, you can set up a security key PIN on your Yubikey via Yubikey Manager.)
On Ubuntu 22.04, the authentication looks like
Congratulations! We have successfully configured the required packages on our Ubuntu 22.04 VM/VPS for passwordless SSH login using a Yubikey!
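A read-only check of the edits made in Steps 5 and 6, as an added example that is not from the original article or the pam_rssh project. It reports the control flag on the libpam_rssh.so line (the 'sufficient' versus 'required' choice from Step 6), whether sudoers keeps SSH_AUTH_SOCK, and whether the module file is writable by group or others. The function names are hypothetical, and the writability check is an added assumption about what is worth auditing for a library that PAM loads as root.

```shell
#!/bin/sh
# Added example: audit the files edited in Steps 5 and 6 (not part of pam_rssh).
# All function names are hypothetical.

# Print the control flag on the active libpam_rssh.so auth line of PAM file $1.
# Only simple flags (sufficient, required, ...) are handled, not [bracket] syntax.
rssh_control() {
    awk '$1 == "auth" && $3 ~ /libpam_rssh\.so$/ { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Print the module path from that same line.
rssh_module() {
    awk '$1 == "auth" && $3 ~ /libpam_rssh\.so$/ { print $3; exit }' "$1"
}

# Succeed if sudoers file $1 keeps SSH_AUTH_SOCK in sudo's environment.
keeps_auth_sock() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+env_keep[[:space:]]*\+?=.*SSH_AUTH_SOCK' "$1"
}

# Succeed if file $1 is writable by group or others (assumed hardening check).
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit PAM_FILE SUDOERS_FILE: print findings, return the number of problems.
audit() {
    problems=0
    if flag=$(rssh_control "$1"); then
        echo "pam_rssh control flag: $flag"
        [ "$flag" = sufficient ] && echo "note: password login remains as fallback"
        mod=$(rssh_module "$1")
        if [ ! -f "$mod" ]; then
            echo "PROBLEM: module $mod not found"; problems=$((problems + 1))
        elif loosely_writable "$mod"; then
            echo "PROBLEM: $mod is group/world-writable"; problems=$((problems + 1))
        fi
    else
        echo "PROBLEM: no active libpam_rssh.so auth line in $1"; problems=$((problems + 1))
    fi
    if ! keeps_auth_sock "$2"; then
        echo "PROBLEM: SSH_AUTH_SOCK not kept in $2"; problems=$((problems + 1))
    fi
    return "$problems"
}
```

On the server, source the file in a root shell and run `audit /etc/pam.d/sudo /etc/sudoers`; an exit status of 0 means no problems were found.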