Using SSH public-key authentication to connect to a remote system is a robust, more secure alternative to logging in with an account password or passphrase. SSH public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one 'private' and the other 'public'. The.pub file is your public key, and the other file is your private key. If you don’t have these files (or you don’t even have a.ssh directory), you can create them by running a program called ssh-keygen, which is provided with the SSH package on Linux/Mac systems and comes with the MSysGit package on. SSH with Keys in a console window. This first short wil learn us how to generate a key without a passphrase, and use it in a console. 4.1 Creating A Key. When you want to use ssh with keys, the first thing that you will need is a key. If you want to know more about how this mechanism works you can have a look in chapter 3, SSH essentials. The file /.ssh/authorizedkeys (on the server) is supposed to have a mode of 600. The permissions of the (private) key on the client-side should be 600. If the private key was not protected with a password, and you put it on the server, I recommend you to generate a new one: ssh-keygen -t rsa.
I am a new Ubuntu 18.04 LTS user and I would like to setup ssh public key authentication. How do I set up ssh keys based authentication on Ubuntu Linux 18.04 LTS server? How do I set up SSH keys on an Ubuntu Linux 18.04 LTS server? In Ubuntu 18.04 LTS, how do I set up public key authentication?The procedure to set up secure ssh keys on Ubuntu 18.04:
Where,
In public key based method you can log into remote hosts and server, and transfer files to them, without using your account passwords. Feel free to replace 202.54.1.55 and client names with your actual setup. Enough talk, let’s set up public key authentication on Ubuntu Linux 18.04 LTS.
Open the Terminal and type following commands if .ssh directory does not exists:$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
Next generate a key pair for the protocol, run:$ ssh-keygen
OR$ ssh-keygen -t rsa 4096 -C 'My key for Linode server'
These days ED25519 keys are favored over RSA keys when backward compatibility is not needed:$ ssh-keygen -t ed25519 -C 'My key for Linux server # 42'
The syntax is as follows:ssh-copy-id your-user-name@your-ubuntu-server-name
ssh-copy-id -i ~/.ssh/file.pub your-user-name@your-ubuntu-server-name
For example:## for RSA KEY ##
ssh-copy-id -i $HOME/.ssh/id_rsa.pub [email protected]
## for ED25519 KEY ##
ssh-copy-id -i $HOME/.ssh/id_ed25519.pub [email protected]
## install SSH KEY for root user ##
ssh-copy-id -i $HOME/.ssh/id_ed25519.pub [email protected]
I am going to install ssh key for a user named vivek (type command on your laptop/desktop where you generated RSA/ed25519 keys):$ ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]
Now try logging into the Ubuntu 18.04 LTS server, with ssh command from your client computer/laptop using ssh keys:$ ssh your-user@your-server-name-here
$ ssh [email protected]
Java generate public key and private key.
To get rid of a passphrase for the current session, add a passphrase to ssh-agent (see ssh-agent command for more info) and you will not be prompted for it when using ssh or scp/sftp/rsync to connect to hosts with your public key. The syntax is as follows:$ eval $(ssh-agent)
Type the ssh-add command to prompt the user for a private key passphrase and adds it to the list maintained by ssh-agent command:$ ssh-add
Enter your private key passphrase. Now try again to log into [email protected] and you will NOT be prompted for a password:$ ssh [email protected]
Login to your server, type:## client commands ##
$ eval $(ssh-agent)
$ ssh-add
$ ssh [email protected]
Now login as root user:$ sudo -i
OR$ su -i
Edit sshd_config file:# vim /etc/ssh/sshd_config
OR# nano /etc/ssh/sshd_config
Find PermitRootLogin and set it as follows:PermitRootLogin no
Save and close the file. I am going to add a user named vivek to sudoers group on Ubuntu 18.04 server so that we can run sysadmin tasks:# adduser vivek sudo
Restart/reload the sshd service:# systemctl reload ssh
You can exit from all session and test it as follows:$ ssh [email protected]
## become root on server for sysadmin task ##
$ sudo -i
To to change your SSH passphrase type the following command:$ ssh-keygen -p
Just copy files to your backup server or external USB pen/hard drive:
See how to create and use an OpenSSH ssh_config file for more info.
See “OpenSSH Server Best Security Practices” for more info.
You learned how to create and install ssh keys for SSH key-based authentication for Ubuntu Linux 18.04 LTS server. See OpenSSH server documents here and here for more info.
ADVERTISEMENTS