https://linuxize.com/post/how-to-set-up-ssh-keys-on-ubuntu-1804
Secure
Shell (SSH) is a cryptographic network protocol used for secure
connection between a client and a server and supports various
authentication mechanisms.
The two most popular mechanisms are passwords based authentication and public key based authentication. Using SSH keys is more secure and convenient than traditional password authentication.
In this tutorial we will walk through how to generate SSH keys on Ubuntu 18.04 machines. We will also show you how to setup a SSH key-based authentication and connect to your remote Linux servers without entering a password.
If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate a new one.
Generate a new 4096 bits SSH key pair with your email address as a comment by typing:
Next, you’ll be prompted to type a secure passphrase. Whether you want to use passphrase its up to you. If you choose to use passphrase you will get an extra layer of security.
To verify your new SSH key pair is generated, type:
The easiest and the recommended way to copy your public key to the server is to use a utility called
Before disabling SSH password authentication make sure you can login to your server without a password and the user you are logging in with has sudo privileges.
Log into your remote server:
Once you are done save the file and restart the SSH service by typing:
If you have any question or feedback feel free to leave a comment.
How to Set Up SSH Keys on Ubuntu 18.04
The two most popular mechanisms are passwords based authentication and public key based authentication. Using SSH keys is more secure and convenient than traditional password authentication.
In this tutorial we will walk through how to generate SSH keys on Ubuntu 18.04 machines. We will also show you how to setup a SSH key-based authentication and connect to your remote Linux servers without entering a password.
Creating SSH keys on Ubuntu
Before generating a new SSH key pair, first check for existing SSH keys on your Ubuntu client machine. You can do that by running the following command: ls -l ~/.ssh/id_*.pub
If the command above prints something like
No such file or directory or no matches found it means that you don’t have SSH keys on your client machine and you can proceed with the next step and generate SSH key pair.If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate a new one.
Generate a new 4096 bits SSH key pair with your email address as a comment by typing:
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
The output will look something like this:
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Press
Enter to accept the default file location and file name.Next, you’ll be prompted to type a secure passphrase. Whether you want to use passphrase its up to you. If you choose to use passphrase you will get an extra layer of security.
Enter passphrase (empty for no passphrase):
If you don’t want to use passphrase just press
The whole interaction looks like this:Enterls ~/.ssh/id_*/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pubCopy the Public Key to Ubuntu Server
Now that you generated you SSH key pair, the next step is to copy the public key to the server you want to manage.The easiest and the recommended way to copy your public key to the server is to use a utility called
ssh-copy-id. On your local machine terminal type:ssh-copy-id remoteusername@server_ip_address
You will be prompted to enter the
remoteusername password: remoteusername@server_ip_address's password:
Once the user is authenticated, the public key
~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file and connection will be closed.Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@server_ip_address'"
and check to make sure that only the key(s) you wanted were added.
If by some reason the
ssh-copy-id utility is not available on your local computer you can use the following command to copy the public key: cat ~/.ssh/id_rsa.pub | ssh remoteusername@server_ip_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"Login to your server using SSH keys
After completing the steps above you should be able login to the remote server without being prompted for a password.
To test it just try to login to your server via SSH:ssh remoteusername@server_ip_address
If
you didn’t setup a passphrase for the private key, you will be logged
in immediately. Otherwise you will be prompted to enter the passphrase.
Disabling SSH Password Authentication
To add an extra layer of security to your server you can disable the password authentication for SSH.Before disabling SSH password authentication make sure you can login to your server without a password and the user you are logging in with has sudo privileges.
Log into your remote server:
ssh sudo_user@server_ip_address
Open the SSH configuration file
/etc/ssh/sshd_config with your text editor:sudo nano /etc/ssh/sshd_config
Search for the following directives and modify as it follows:
/etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Once you are done save the file and restart the SSH service by typing:
sudo systemctl restart ssh
At this point, the password based authentication is disabled.
Conclusion
In this tutorial you have learned how to generate a new SSH key pair and setup a SSH key-based authentication. You can add the same key to multiple remote serves. We have also shown you how to disable SSH password authentication and add an extra layer of security to your server.If you have any question or feedback feel free to leave a comment.
No comments:
Post a Comment