Linux

How to Set an SSH Key on Ubuntu 20.04

How to Set an SSH Key on Ubuntu 20.04

Secure Shell (SSH) is a network protocol for making secure connections between clients and servers. With SSH, you can run commands on a remote machine, create tunnels, forward ports, and more.

SSH supports various authentication mechanisms. The two most common are passwords and public key-based authentication.

Authentication using public keys is based on the use of digital signatures, and it’s safer and more convenient than traditional password authentication.

This article explains how to create an SSH key on an Ubuntu 20.04 system. We will also show you how to set up SSH key-based authentication and connect to a remote Linux server without entering a password.

Generate an SSH key on Ubuntu

Chances are you already have an SSH key pair on your Ubuntu client machine. If you create a new key pair, the old one will be overwritten. To check if the key file exists, run the following ls command:

ls -l ~/.ssh/id_*.pub

If the command returns something like No files or directories, or no matches found, it means that the user does not have an SSH key, and you can proceed with the next step and generate an SSH key pair. If not, if you have an SSH key pair, you can existing or back up the old key and generate a new pair.

To generate a new 4096 bit SSH key pair with your e-mail address as a comment, run:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

You will be asked to specify a file name:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

The default location and file name must be good for most users. Press Enter to accept and continue.

Next, you will be asked to type a secure password. The passphrase adds an additional layer of security. If you set a passphrase, you will be asked to enter it every time you use the key to enter the remote machine.

If you don’t want to set a password, press Enter.

Output :

Enter passphrase (empty for no passphrase):

The whole interaction looks like this:

1(3)

To verify your newly created SSH key pair, type:

ls ~/.ssh/id_*

Output :

/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

There she is. You have successfully created an SSH key pair on your Ubuntu client machine.

Copy Public Key to Remote Server

Now that you have an SSH key pair, the next step is to copy the public key to the remote server that you want to manage.

An easy and recommended way to copy public keys to the server is to use the ssh-copy-id tool. On your local machine type:

ssh-copy-id remote_username@server_ip_address

You will be asked to enter the remote user password:

Output :

remote_username@server_ip_address's password:

After the user is authenticated, the public key ~ / .ssh / id_rsa.pub will be added to the remote user file ~ / .ssh / Authorized_key, and the connection will be closed.

Output :

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@server_ip_address'"
and check to make sure that only the key(s) you wanted were added.

If for some reason the ssh-copy-id utility is not available on your local computer, use the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Login to your server using the SSH key

After completing the steps above, you should be able to log in to the remote server without a password.

To test this, try logging in to your server via SSH:

ssh remote_username@server_ip_address

If you have not set a passphrase for the private key, you will be logged in immediately. If not, you will be asked to enter your password.

Disabling SSH Password Authentication

Disabling password authentication adds an additional layer of security to your server.

Before disabling SSH password authentication, make sure you can log in to your server without a password, and the user you are logging in has sudo rights.

Log in to your remote server:

ssh sudo_user@server_ip_address

Open the SSH configuration file with your text editor:

sudo nano /etc/ssh/sshd_config

Look for the following directives and modify as follows:

/etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

When finished, save the file and restart the SSH service by typing:

sudo systemctl restart ssh

At this point, password-based authentication is disabled.

Conclusion

We have shown you how to create a new SSH key pair and set up SSH key-based authentication. You can use the same key to manage multiple remote servers. You have also learned how to disable SSH password authentication and add an additional layer of security to your server.

By default, SSH listens on port 22. Changing the default SSH port reduces the risk of automatic attacks. To simplify your workflow, use the SSH configuration file to determine all your SSH connections.

If you have questions or feedback, don’t hesitate to leave a comment.

Related posts

How to Install an Ubuntu 20.04 LTS (Focal Fossa) Server

Howto

How to Install Apache ActiveMQ on Debian 10

Linux

How to Install MySQL on Ubuntu 20.04

Linux

How to make Ubuntu look like Windows XP

Windows

How Linux makes data recovery easy

Linux

Using the ‘ldd’ command on Linux

Linux

How to ZSH and Oh-my-zsh Settings on Linux

Linux

How to use Modprobe Commands on Linux

Linux

How to Install Ubuntu on a Raspberry Pi

Linux