How to set up SSH keys on Ubuntu 18.04

s2 0

Secure Shell (SSH) is a cryptographic network protocol that is used for a secure connection between a client and a server and supports various authentication mechanisms.

The two most popular mechanisms are password-based authentication and public-key authentication. Using SSH keys is more secure and convenient than traditional password authentication.

This tutorial will show you how to generate SSH keys on Ubuntu 18.04 computers. We’ll also show you how to set up SSH key-based authentication and connect to your remote Linux servers without entering a password.

Creating SSH Keys on Ubuntu

Before you first generate a new SSH key pair, check whether there are existing SSH keys on your Ubuntu client computer. You can do this by running the following ls command:

ls -l ~/.ssh/id_*.pub

If the above command prints something like No such file or directory or no matches found This means that you don’t have any SSH keys on your client computer and you can go to the next step and generate an SSH key pair.

If keys already exist, you can either use them and skip the next step, or back up the old keys and generate new ones.

Generate a new 4096-bit SSH keypair with your email address as a comment by typing:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

The output looks something like this:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Press Enter to accept the default file location and name.

Next, you will be asked to enter a secure passphrase. Whether you want to use a passphrase is up to you. If you choose to use a passphrase, you get an extra layer of security.

Enter passphrase (empty for no passphrase):

If you don’t want to use a passphrase, just press Enter.

The whole interaction looks like this:

To verify that your new SSH keypair has been generated, enter the following:

ls ~/.ssh/id_*
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

Copy the public key to the server

After you have generated your SSH key pair, the next step is to copy the public key to the server that you want to manage.

The easiest and most recommended way to copy your public key to the server is to use a utility called ssh-copy-id. On your local computer terminal type:

ssh-copy-id [email protected]_ip_address

You will be asked to enter it remote_username Password:

[email protected]_ip_address's password:

Once the user is authenticated, it becomes the public key ~/.ssh/id_rsa.pub is attached to the remote user ~/.ssh/authorized_keys The file and connection are closed.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]_ip_address'"
and check to make sure that only the key(s) you wanted were added.

If for some reason the ssh-copy-id Utility is not available on your local computer, you can use the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh [email protected]_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Log into your server with SSH keys

After following the steps above, you should be able to log in to the remote server without being asked for a password.

To test it, try logging into your server using SSH:

ssh [email protected]_ip_address

If you have not set a passphrase for the private key, you will be logged in immediately. Otherwise, you will be prompted for the passphrase.

Disable SSH password authentication

Disabling password authentication adds an extra layer of security to your server.

Before disabling SSH password authentication, make sure that you can log into your server without a password and that the user you are logging in with has sudo permissions.

Log in to your remote server:

ssh [email protected]_ip_address

Open the SSH configuration file /etc/ssh/sshd_config with your text editor:

sudo nano /etc/ssh/sshd_config

Find the instructions below and modify them as follows:

/ etc / ssh / sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

When you’re done, save the file and restart the SSH service by typing:

sudo systemctl restart ssh

At this point, password-based authentication is disabled.

diploma

In this tutorial you learned how to generate a new SSH key pair and set up SSH key-based authentication. You can add the same key to multiple remote servers. We also showed you how to disable SSH password authentication and add an extra layer of security to your server.

By default, SSH listens on port 22. Changing the default SSH port reduces the risk of automated attacks.

If you regularly connect to multiple systems, you can simplify your workflow by defining all of your connections in the SSH configuration file.

If you have any questions or feedback, please feel free to leave a comment.