How to set up SSH keys on Ubuntu 20.04

s2 0

Secure Shell (SSH) is a network protocol used to establish a secure connection between a client and a server. SSH lets you run commands on remote computers, create tunnels, forward ports, and more.

SSH supports various authentication mechanisms. The two most common are password-based and public-key-based authentication.

Public key authentication is based on the use of digital signatures and is more secure and convenient than traditional password authentication.

This article explains how to generate SSH keys on Ubuntu 20.04 systems. We’ll also show you how to set up SSH key-based authentication and connect to remote Linux servers without entering a password.

Creating SSH Keys on Ubuntu

Chances are you already have an SSH key pair on your Ubuntu client computer. If you generate a new key pair, the old one will be overwritten. To verify that the key files are present, do the following: ls

ls -l ~/.ssh/id_*.pub

If the command returns something like No such file or directory, or no matches found, it means the user does not have an SSH key and you can go to the next step and generate an SSH key pair. Otherwise, if you have an SSH key pair, you can either back up the existing or old keys and generate a new pair.

To generate a new 4096-bit SSH keypair with your email address as a comment, do the following:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

You will be asked for the filename:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

The default location and file name should be appropriate for most users. Press Enter to accept and continue.

Next, you will be asked to enter a secure passphrase. A passphrase adds an extra layer of security. If you set a passphrase, you will be asked to enter it every time you log on to the remote computer with the key.

If you do not want to set a passphrase, press Enter.

Enter passphrase (empty for no passphrase):

The whole interaction looks like this:

To verify that your new SSH keypair has been generated, enter the following:

ls ~/.ssh/id_*
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/

That’s it. You have successfully generated an SSH key pair on your Ubuntu client computer.

Copy the public key to the remote server

Now that you have an SSH key pair, the next step is to copy the public key to the remote server that you want to manage.

The easiest and recommended way to copy the public key to the server is to use the ssh-copy-id Tool. On your local machine type:

ssh-copy-id [email protected]_ip_address

You will be prompted for the remote user password:

[email protected]_ip_address's password:

Once the user is authenticated, it becomes the public key ~/.ssh/ is attached to the remote user ~/.ssh/authorized_keys File and the connection will be closed.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]_ip_address'"
and check to make sure that only the key(s) you wanted were added.

If for some reason the ssh-copy-id Utility is not available on your local computer, use the following command to copy the public key:

cat ~/.ssh/ | ssh [email protected]_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Log into your server with SSH keys

After following the steps above, you should be able to log in to the remote server without being asked for a password.

To test it, try logging into your server using SSH:

ssh [email protected]_ip_address

If you have not set a passphrase for the private key, you will be logged in immediately. Otherwise, you will be prompted for the passphrase.

Disable SSH password authentication

Disabling password authentication adds an extra layer of security to your server.

Before disabling SSH password authentication, make sure that you can log into your server without a password and that the user you are logging in with has sudo permissions.

Log in to your remote server:

ssh [email protected]_ip_address

Open the SSH configuration file with your text editor:

sudo nano /etc/ssh/sshd_config

Find the instructions below and modify them as follows:

/ etc / ssh / sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

When you’re done, save the file and restart the SSH service by typing:

sudo systemctl restart ssh

At this point, password-based authentication is disabled.


We showed you how to generate a new SSH key pair and set up SSH key-based authentication. You can use the same key to manage multiple remote servers. You also learned how to disable SSH password authentication and add an extra layer of security to your server.

By default, SSH listens on port 22. Changing the default SSH port reduces the risk of automated attacks. To simplify your workflow, use the SSH configuration file to define all of your SSH connections.

If you have any questions or feedback, please feel free to leave a comment.