This comprehensive Linux guide expects that you run the following commands as the root user. If you run them as a different user, ensure that the user has sudo access and precede each privileged command with sudo.
SSH, or Secure Shell, is an encrypted protocol used for communication between a client and a server. When working with an Ubuntu server, chances are that you will spend most of your time in a terminal session connected to your server through SSH. It also supports several authentication mechanisms.
In this guide we set up SSH on Ubuntu 18.04 LTS and configure SSH key-based authentication to connect to a Linux server.
Creating SSH Keys On Ubuntu 18.04 LTS
The first step is making directories for the SSH keys if they do not exist already. Open up a terminal and write the following commands:
mkdir -p $HOME/.ssh
chmod 0700 $HOME/.ssh
The next step is to generate a key pair for the SSH protocol. Run the following command in the terminal. It invokes ssh-keygen to generate the SSH keys. The output will be:
[email protected]:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
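To generate a 4096-bit RSA key with a comment, give the key size with -b and the comment with -C:
ssh-keygen -t rsa -b 4096 -C "My key for new server"
The argument “My key for new server” is the comment.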
Press ENTER to save the key to the default location with the default name. Next you are asked to enter a passphrase. It is not required, but it adds an extra layer of security, so adding one is highly recommended. (The passphrase is not displayed in the terminal as you type, so don’t panic; just type it, confirm it, and press ENTER.)
The output will be similar to the following:
[email protected]:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:kdhoUfy2Xi96AmvN3q1fB6VPkNRgzf5UQ0MjP+HXMEA [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .o. [email protected] |
| =.. o+=X|
| + +. o=*|
| . .o +=|
| S. . o.o|
| . . . +.|
| * . . +|
| o =.o....|
| . .o+o+o |
+----[SHA256]-----+
To verify the newly generated SSH keys, type the following command into the terminal. This will return the location of SSH keys present.
[email protected]:~# ls ~/.ssh/id_*
/root/.ssh/id_rsa
/root/.ssh/id_rsa.pub
Placing Keys On Server
We now have the private key and the public key. The next step is to place the public key on the Ubuntu server to which we wish to connect; the private key stays on the local machine.
The easiest way to do this is with a utility called ssh-copy-id, which we use in this tutorial.
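In the terminal type the following, where username and server_ip_address stand for your account on the server and the server's address:
ssh-copy-id username@server_ip_address
To install a specific public key file, pass it with -i:
ssh-copy-id -i ~/.ssh/file.pub username@server_ip_address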
[email protected]:~# ssh-copy-id -i $HOME/.ssh/id_ed25519.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '22.214.171.124 (126.96.36.199)' can't be established.
ECDSA key fingerprint is SHA256:KMWQF78rfmxrjif+4589xjm3489xf839zdu.
This message appears when the local computer does not recognize the remote server, which is expected when you connect to a new server for the first time. The fingerprint shown should be the one that belongs to your server. Type “yes” and then press ENTER to continue. You are then prompted to enter the remote user’s password. Enter the password and press ENTER.
Log Into The Server Using SSH
If the above steps were followed correctly, we can now log in to the remote server. Type the following command in the terminal:
ssh username@server_ip_address
If a passphrase was set on the key, you are prompted for it; otherwise you are logged in immediately.
Disabling Password Authentication
To add an extra layer of security to your server, you can disable password authentication for SSH, which eliminates the risk of password brute-force attacks. Confirm that key-based login works before making this change, and make sure that you have sudo privileges on the server. Then carry out the following steps.
Log in to the remote server:
ssh username@server_ip_address
Open the SSH configuration file /etc/ssh/sshd_config with your text editor.
Inside the file, search for a directive called PasswordAuthentication. It may be commented out. Uncomment the line and set the value to “no”. This disables the ability to log in via SSH using account passwords:
...
PasswordAuthentication no
...
Save and close the file when you are finished by pressing CTRL+X, then Y to confirm saving the file, and finally ENTER to exit nano. To actually implement these changes, we need to restart the SSH service:
systemctl restart ssh
The SSH daemon on your Ubuntu server now only responds to SSH keys. Password-based authentication has successfully been disabled.
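A directive that is still commented out, or one that sits below an earlier "yes", leaves password logins enabled even after the edit described above. The following added example (not from the original guide) reads an sshd_config the way sshd resolves this keyword; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names and the
# sample config are constructed. On a live server, `sshd -T` (run as root)
# prints the effective configuration sshd itself computes.

# Print the global PasswordAuthentication value from a config file (or stdin).
# sshd uses the FIRST occurrence of a keyword, ignores "#" lines, matches
# keywords case-insensitively, and defaults to "yes" if the keyword is absent.
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "match" { exit }                 # global section ends here
        key == "passwordauthentication" {
            val = $0
            sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "", val)   # strip keyword
            sub(/[ \t].*$/, "", val)                        # strip trailing text
            print val; found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$@"
}

# Print each Match line whose block turns password logins back on.
match_overrides() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1); sub(/=.*/, "", key) }
        key == "match" { block = $0; next }
        block != "" && key == "passwordauthentication" &&
            $0 ~ /[ \t=]yes[ \t]*$/ { print block }
    ' "$@"
}

# Constructed sshd_config: commented-out "no", a stale "yes" above the new
# "no", and a Match block that re-enables passwords for one user.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

echo "global PasswordAuthentication: $(sample_config | effective_password_auth)"
sample_config | match_overrides
```

On the server itself, pass the real file instead of the sample, for example effective_password_auth /etc/ssh/sshd_config, and keep your current session open until a key-only login from a second terminal succeeds.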