Jul 01, 2019 The public key, which you share, can be used to verify that the encrypted file actually comes from you and was created using your key. It can also be used by others to encrypt files for you to decrypt. To generate your key pair, open your terminal, and type the following.
Ssh is secure protocol used to manage remote systems like Linux, BSD, UNIX, network devices event windows operating systems. The traffic between systems are encrypted. Ssh uses asymmetric keys in order to encrypt and made traffic invisible to the others those resides between systems in the network. The encryption power comes from key bit size or length. In this tutorial we will look how to create 4096 bit keys.
In this example we will generate very secure key. This key size will be 4096 bit. 4096 bit keys are a lot more secure than 2048 or 1024 bit keys. If we are not transferring big data we can use 4096 bit keys without a performance problem. We will use -b option in order to specify bit size to the ssh-keygen .
RSA is very old and popular asymmetric encryption algorithm. It is used most of the systems by default. There are some alternatives to RSA like DSA . We can not generate 4096 bit DSA keys because it algorithm do not supports.
The default key size for the ssh-keygen is 2048 bit. We can also specify explicitly the size of the key like below.
The less secure key size is 1024 bit. We do not recommend usage of this size of keys but in some situations like old systems we may need this size of keys. Here how we can generate 1024 bit key with ssh-keygen .
Introduction: OpenSSH is a free and open source client/server technology for secure remote login. It is an implementation of the SSH protocol. OpenSSH divided into sshd (server) and various client tools such as sftp, scp, ssh and more. One can do remote login with OpenSSH either using password or combination of private and public keys named as public key based authentication. It is an alternative security method for user passwords. This method is recommended on a VPS, cloud, dedicated or even home-based server or laptop. This page shows how to set up SSH keys on Ubuntu 18.04 LTS server.
Ubuntu 18.04 Setup SSH Public Key Authentication
The procedure to set up secure ssh keys on Ubuntu 18.04:
- Create the key pair using ssh-keygen command.
- Copy and install the public key using ssh-copy-id command.
- Add yourself to sudo admin account on Ubuntu 18.04 server.
- Disable the password login for root account on Ubuntu 18.04.
Sample set up for SSH Keys on Ubuntu 18.04
Where,
- 202.54.1.55 – You store your public key on the remote hosts and you have an accounts on this Ubuntu Linux 18.04 LTS server.
- Linux/macbook laptop – Your private key stays on the desktop/laptop/computer (or local server) you use to connect to 202.54.1.55 server. Do not share or give your private file to anyone.
In public key based method you can log into remote hosts and server, and transfer files to them, without using your account passwords. Feel free to replace 202.54.1.55 and client names with your actual setup. Enough talk, let’s set up public key authentication on Ubuntu Linux 18.04 LTS.
How to create the RSA/ed25519 key pair on your local desktop/laptop
Open the Terminal and type following commands if .ssh directory does not exists:$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
Next generate a key pair for the protocol, run:$ ssh-keygen
OR$ ssh-keygen -t rsa 4096 -C 'My key for Linode server'
These days ED25519 keys are favored over RSA keys when backward compatibility is not needed:$ ssh-keygen -t ed25519 -C 'My key for Linux server # 42'
How to install the public key in Ubuntu 18.04 remote server
The syntax is as follows:ssh-copy-id your-user-name@your-ubuntu-server-name
ssh-copy-id -i ~/.ssh/file.pub your-user-name@your-ubuntu-server-name
For example:## for RSA KEY ##
ssh-copy-id -i $HOME/.ssh/id_rsa.pub [email protected]
## for ED25519 KEY ##
ssh-copy-id -i $HOME/.ssh/id_ed25519.pub [email protected]
## install SSH KEY for root user ##
ssh-copy-id -i $HOME/.ssh/id_ed25519.pub [email protected]
I am going to install ssh key for a user named vivek (type command on your laptop/desktop where you generated RSA/ed25519 keys):$ ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]
Test it
Now try logging into the Ubuntu 18.04 LTS server, with ssh command from your client computer/laptop using ssh keys:$ ssh your-user@your-server-name-here
$ ssh [email protected]
What are ssh-agent and ssh-add, and how do I use them on Ubuntu 18.04?
To get rid of a passphrase for the current session, add a passphrase to ssh-agent (see ssh-agent command for more info) and you will not be prompted for it when using ssh or scp/sftp/rsync to connect to hosts with your public key. The syntax is as follows:$ eval $(ssh-agent)
Type the ssh-add command to prompt the user for a private key passphrase and adds it to the list maintained by ssh-agent command:$ ssh-add
Enter your private key passphrase. Now try again to log into [email protected] and you will NOT be prompted for a password:$ ssh [email protected]
How to disable the password based login on a Ubuntu 18.04 server
Login to your server, type:## client commands ##
$ eval $(ssh-agent)
$ ssh-add
$ ssh [email protected]
Now login as root user:$ sudo -i
OR$ su -i
Edit sshd_config file:# vim /etc/ssh/sshd_config
OR# nano /etc/ssh/sshd_config
Find PermitRootLogin and set it as follows:PermitRootLogin no
Save and close the file. I am going to add a user named vivek to sudoers group on Ubuntu 18.04 server so that we can run sysadmin tasks:# adduser vivek sudo
Restart/reload the sshd service:# systemctl reload ssh
You can exit from all session and test it as follows:$ ssh [email protected]
## become root on server for sysadmin task ##
$ sudo -i
Create Ssh Key 4096
How do I add or replace a passphrase for an existing private key?
To to change your SSH passphrase type the following command:$ ssh-keygen -p
How do I backup my existing private/public SSH keys
Just copy files to your backup server or external USB pen/hard drive:
How do I protect my ssh keys?
Generate Key Pair Ubuntu 4096 File
- Always use a strong passphrase.
- Do not share your private keys anywhere online or store in insecure cloud storage or gitlab/github servers.
- Restrict privileges of the account.
Tip: Create and setup an OpenSSH config file to create shortcuts for servers
See how to create and use an OpenSSH ssh_config file for more info.
How do I secure my OpenSSH server?
See “OpenSSH Server Best Security Practices” for more info.
Conclusion
You learned how to create and install ssh keys for SSH key-based authentication for Ubuntu Linux 18.04 LTS server. See OpenSSH server documents here and here for more info.
ADVERTISEMENTS
Free overwatch license key generator.