This comprehensive Linux guide expects that you run the following commands as the root user. If you decide to run the commands as a different user, ensure that the user has sudo access and that you precede each of the privileged commands with sudo.
SSH, or secure shell, is an encrypted protocol used for communication between a client and a server. When working with an Ubuntu server, chances are that you will spend most of your time in a terminal session connected to your server through SSH. It also supports many authentication mechanisms.
In this guide we will talk about setting up SSH on an Ubuntu 18.04 LTS system. We will also set up SSH key-based authentication to connect to a Linux server.
Creating SSH Keys On Ubuntu 18.04 LTS
The first step is making directories for the SSH keys if they do not exist already. Open up a terminal and write the following commands:
mkdir -p $HOME/.ssh
chmod 0700 $HOME/.ssh
The next step is to generate a key pair for the SSH protocol. Run the following command in the terminal to invoke ssh-keygen, which generates the SSH keys. The output would be:
root@codesposts:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
OR:
ssh-keygen -t rsa -b 4096 -C "My key for new server"
The -b option sets the key length in bits, and the argument “My key for new server” is the comment.
Press ENTER to save the key to the default location with the default name. Next we are asked to enter a passphrase. It is not a requirement, but it protects the private key if the file is ever copied, so it is highly recommended that we add one. (The passphrase you type will not be visible in the terminal, so don’t panic; just type it, confirm it and press ENTER.)
The output will be similar to what is shown below:
root@codesposts:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:kdhoUfy2Xi96AmvN3q1fB6VPkNRgzf5UQ0MjP+HXMEA root@codesposts
The key's randomart image is:
+---[RSA 2048]----+
| .o. .EoO@ |
| =.. o+=X|
| + +. o=*|
| . .o +=|
| S. . o.o|
| . . . +.|
| * . . +|
| o =.o....|
| . .o+o+o |
+----[SHA256]-----+
Verify Keys
To verify the newly generated SSH keys, type the following command into the terminal. This will return the location of SSH keys present.
root@codesposts:~# ls ~/.ssh/id_*
/root/.ssh/id_rsa /root/.ssh/id_rsa.pub
Placing Keys On Server
We now have the private key and the public key. The next step is to place the public key on the Ubuntu server to which we wish to connect. The private key stays on the local machine.
The easiest way to do this is by using a utility called ssh-copy-id. We will be using it in this tutorial.
In the terminal type:
ssh-copy-id username@server_ip_address
OR:
ssh-copy-id -i ~/.ssh/file.pub your-user-name@your-ubuntu-server-name
For example:
root@codesposts:~# ssh-copy-id -i $HOME/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '149.28.57.113 (149.28.57.113)' can't be established.
ECDSA key fingerprint is SHA256:KMWQF78rfmxrjif+4589xjm3489xf839zdu.
This message appears when the local computer does not recognize the remote server. It is common if you are connecting to a new server for the first time. Before answering, compare the fingerprint shown with the server's host key fingerprint obtained through a channel you trust. Type in “yes” and then press ENTER to continue. You will then be prompted to enter the remote user’s password. Enter the password and then press ENTER.
Log Into The Server Using SSH
If the above steps were followed correctly, we can now log in to the remote server. Type the following command in the terminal:
ssh remote_username@server_ip_address
For example:
ssh [email protected]
If a passphrase was set on the key, you will be prompted for it; otherwise you will be logged in immediately.
Disabling Password Authentication
To add an extra layer of security to your server, you can disable password authentication for SSH, which eliminates the risk of brute-force attacks against account passwords. Make sure that key-based login works and that you have sudo privileges on the server, then carry out the following steps.
Log in to the remote server:
ssh user@server_ip_address
Open the SSH configuration file /etc/ssh/sshd_config with your text editor:
nano /etc/ssh/sshd_config
Inside the file, search for a directive called PasswordAuthentication. This may be commented out. Uncomment the line and set the value to “no”. This will disable your ability to log in via SSH using account passwords:
/etc/ssh/sshd_config
...
PasswordAuthentication no
...
Save and close the file when you are finished by pressing CTRL + X, then Y to confirm saving the file, and finally ENTER to exit nano. To actually implement these changes, we need to restart the sshd service:
systemctl restart ssh
The SSH daemon on your Ubuntu server now only responds to SSH keys. Password-based authentication has successfully been disabled.
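The check below is an added example, not part of the original tutorial: it reads an sshd_config file and reports whether password logins are really off in the global section. It assumes the OpenSSH 7.6 behaviour shipped with Ubuntu 18.04, where sshd keeps the first value it reads for a keyword and an unset ChallengeResponseAuthentication defaults to "yes". The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline check of an sshd_config file (not the tutorial's code).

# Print the value sshd would use for keyword $2 in the global part of file $1.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally.
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # comment or blank line
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only if neither password path is open in the global section.
# Assumption: OpenSSH 7.6 (Ubuntu 18.04), where an unset
# ChallengeResponseAuthentication defaults to "yes" and, with PAM, can still
# prompt for the account password.
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication)" = "no" ] &&
    [ "$(effective_sshd_option "$1" ChallengeResponseAuthentication)" = "no" ]
}

# Constructed sample: a later "no" is shadowed by an earlier "yes".
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PasswordAuthentication yes
passwordauthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF

echo "PasswordAuthentication -> $(effective_sshd_option "$demo" PasswordAuthentication)"
if password_login_disabled "$demo"; then
    echo "password logins disabled"
else
    echo "password logins still possible"
fi
rm -f "$demo"
```

On the server itself, sshd -t checks the file for syntax errors before the restart, and sshd -T prints the effective configuration that the running settings can be compared against.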