
How to Set Up SSH Keys on Ubuntu 20.04

Introduction

SSH, or Secure Shell Protocol, is a remote administration protocol that enables users to connect to, control, and modify remote servers via the internet.

SSH was developed as a secure replacement for unencrypted Telnet, and it employs cryptographic techniques to ensure that all communication to and from the remote server is encrypted. It provides a mechanism for authenticating a remote user, transferring client inputs to the host, and relaying output back to the client.

In this guide, we’ll go over how to create SSH keys for an Ubuntu 20.04 installation. SSH keys are recommended for all users because they provide a secure way of logging into your server.

Step 1 — Creating the Key Pair

On the client machine (usually your computer), the first step is to generate a key pair:

For Mac or Linux users, proceed to execute the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Be sure to replace the email reference above with your own email.

This command will generate a new SSH key with the email address as the label.

For Windows users:

There is no standard default Unix shell in Windows environments. External shell programs must be installed in order to have a fully functional keygen experience. The most straightforward approach is to use Git Bash. Follow this link to download git.

Recent versions of ssh-keygen will generate a 3072-bit RSA key pair by default, which is secure enough for most use cases (you may optionally pass in the -b 4096 flag to create a larger 4096-bit key).

digitalocean.com

You should see the following output after running the command:

Output
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

The output above prompts you to choose a location for your new SSH key.
You can specify a file location or press ENTER to accept the default file location.

Press ENTER to continue with the default location.

The next prompt will request a secure passphrase.
A passphrase adds an extra layer of security to SSH and will be required whenever the SSH key is used. If someone gains access to the computer on which private keys are stored, they will have access to any system that uses that key. This scenario can be avoided by adding a passphrase to the keys.

To proceed, enter a passphrase that you will remember. It can be as long as you want.

Step 2 — Adding the Public Key to Your Ubuntu Server

I have provided three different methods of adding your public key to the Ubuntu Server. If you know your server root access password, then the quickest way to copy your public key to the Ubuntu host is to use the ssh-copy-id utility. This method is highly recommended due to its simplicity. If you don’t have ssh-copy-id on your client machine, you can use one of the two alternative methods described in this section (copying via password-based SSH, or manually copying the key).

Copying the Public Key Using ssh-copy-id

For this method to work, you need the password to the server. Log in to your server hosting account and copy your password from your server’s homepage.

To use the utility, specify the remote host to which you want to connect and the user account to which you have password-based SSH access. This is the account that will receive your public SSH key.

ssh-copy-id username@remote_host

The following message will appear:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This indicates that your local computer is not aware of the remote host. When you connect to a new host for the first time, this will occur. To proceed, type “yes” and press ENTER.

Next, enter the password of the remote user’s account (that is, the one you got from your server info page).

Output
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@203.0.113.1's password:

Enter the password (your typing will be hidden for security reasons) and press ENTER. The utility will use the password you provided to connect to the account on the remote host. It will then copy the contents of your ~/.ssh/id_rsa.pub key into a file called authorized_keys in the remote account’s ~/.ssh directory.

If everything goes well and your password is correct, you should see the following output:

Output
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@203.0.113.1'"
and check to make sure that only the key(s) you wanted were added.

Your id_rsa.pub key has now been uploaded to the remote account. You can proceed to Step 3.

Copying the Public Key Using SSH

Alternatively, if you have password-based SSH access to an account on your server, you can upload your keys using a traditional SSH method.

We can accomplish this by reading the contents of the public SSH key on our local computer with the cat command and piping it through an SSH connection to the remote server.

The content we piped over can then be output into a file called authorized_keys within the ~/.ssh directory. Instead of overwriting the content, we’ll append it with the >> redirect symbol. This allows us to add keys without erasing previously added keys.

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

Enter the command above and replace the username and remote_host with your own credentials.

You will get the following output:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This indicates that your local computer is not aware of the remote host. When you connect to a new host for the first time, this will occur. To proceed, type yes and press ENTER.

You should then be prompted to enter the remote user account password:

Output
username@203.0.113.1's password:

After you enter your password, the content of your id_rsa.pub key will be copied to the end of the remote user’s authorized_keys file. If this was successful, proceed to Step 3.

Copying the Public Key Manually

If none of the methods listed above work for you, you can manually add your ssh keys to your server. This method will require you to log in to your server as the root user with the associated password.

To view the contents of your id_rsa.pub key, enter the following on your local computer:

cat ~/.ssh/id_rsa.pub

Your output will look similar to the one below:

ssh-rsa <base64-encoded public key data> demo@test

Use whatever method you have available to connect to your remote host.

Enter this command to create the ~/.ssh directory; it does nothing if the directory already exists:

mkdir -p ~/.ssh

Within this directory, you can now create or modify the authorized_keys file. Using the following command, append the contents of your id_rsa.pub file to the end of the authorized_keys file, creating it if necessary:

Lastly, ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:

chmod -R go= ~/.ssh

If you’re using the root account to set up keys for a user account, it’s also important that the ~/.ssh directory belongs to the user and not to root:

chown -R johndoe:johndoe ~/.ssh

In this guide our user is named johndoe but you should substitute the appropriate username into the above command.
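
The manual steps above (create ~/.ssh, append the key, restrict permissions) combined into one function, as an added example that is not part of the original guide. It also rejects anything that is not a single public key line and handles an existing authorized_keys file that lacks a trailing newline, which a bare >> append would corrupt. The function name install_pubkey and its arguments are hypothetical, and the key strings in the demo are constructed placeholders, not usable keys.

```bash
#!/usr/bin/env bash
# Added example. install_pubkey is a hypothetical helper, not a standard tool.
# Usage: install_pubkey <public_key_file> [ssh_dir, default ~/.ssh]
install_pubkey() {
    local pub_file="$1" ssh_dir="${2:-$HOME/.ssh}"
    local auth="$ssh_dir/authorized_keys" key id

    # Accept exactly one line of the form "<type> <base64> [comment]". This
    # rejects private keys, multi-key files and lines that carry options.
    [ "$(grep -c '' "$pub_file")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 1; }
    key=$(cat "$pub_file")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || { echo "not an OpenSSH public key line" >&2; return 1; }

    mkdir -p "$ssh_dir" && touch "$auth" || return 1

    # Idempotent: skip the append when the same type + key data is already listed.
    id=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if ! awk -v k="$id" '{ for (i = 1; i < NF; i++) if (($i " " $(i+1)) == k) found = 1 }
                         END { exit !found }' "$auth"; then
        # A file without a trailing newline would glue the new key onto the
        # last existing line and break both entries, so terminate it first.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi

    # Explicit modes instead of "chmod -R go=": owner-only directory and file.
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}

# Demo in a throwaway directory. Both key strings are constructed placeholders.
demo_dir=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEY demo@test\n' > "$demo_dir/id.pub"
printf 'ssh-rsa AAAAB3NzaC1yc2EXISTINGKEYPLACEHOLDER old@host' > "$demo_dir/authorized_keys"  # no newline
install_pubkey "$demo_dir/id.pub" "$demo_dir"
install_pubkey "$demo_dir/id.pub" "$demo_dir"   # second run changes nothing
wc -l < "$demo_dir/authorized_keys"             # number of key lines in the file
```

On a real server, run it as the target user with the default directory, for example install_pubkey id_rsa.pub, after copying the public key file over.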

Step 3: Using SSH Keys to Login to Your Ubuntu Server

If you followed one of the procedures above correctly, you should be able to log into the remote host without entering the remote account’s password.

ssh username@remote_host
