How to Set Up SSH Keys on Ubuntu 20.04

Riddhi Jindal

Created: 05/19/2020 1:16 PM - Updated: 05/19/2020 1:20 PM

Introduction

Secure Shell (SSH) is an encrypted protocol used to securely connect to a remote server or system. Beginners usually spend most of their time in a terminal session connected to a server through SSH.

This guide will help you set up SSH keys on an Ubuntu 20.04 installation. SSH keys provide a secure way of logging into your server.

Step 1 — Creating the Key Pair

·        ssh-keygen

The following is the output of the above command:

Output
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

Press enter to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.

If you had previously generated an SSH key pair, the output will instead be as follows:

Output
/home/your_home/.ssh/id_rsa already exists.
Overwrite (y/n)?

If you choose to overwrite the key on disk, you will no longer be able to authenticate using the previous key.

You should then see the following output:

Output
Enter passphrase (empty for no passphrase):

Here you may optionally enter a secure passphrase. The passphrase encrypts the private key on disk, so the key file alone is not enough to log in.

You should then see the following output:

Output
Your identification has been saved in /your_home/.ssh/id_rsa
Your public key has been saved in /your_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:/km7MJ5n5aiqdfTNGZr+2Qt+qCiS7JKm5Iv0dxrc3ks user@host
The key's randomart image is:
+---[RSA 3072]----+
|                .|
|               + |
|              +  |
| .           o . |
|o       S   . o  |
| + o. .oo. ..  .o|
|o = oooooEo+ ...o|
|.. o *o+=.*+o....|
|    =+=ooB=o.... |
+----[SHA256]-----+

Step 2 — Copying the Public Key to Your Ubuntu Server

Copying the Public Key Using ssh-copy-id


ssh-copy-id username@remote_host

You may get the following output:

Output
The authenticity of host '194.3.213.1 (194.3.213.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This will happen the first time you connect to a new host. Type “yes” and press ENTER to continue.

Output
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@194.3.213.1's password:

Type your password and press ENTER.

You should see the following output:

Output
Number of key(s) added: 1
 
Now try logging into the machine, with:   "ssh 'username@203.0.113.1'"
and check to make sure that only the key(s) you wanted were added.

Copying the Public Key Using SSH

·         cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

You may see the following message:

Output
The authenticity of host '194.3.213.1 (194.3.213.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This will happen the first time you connect to a new host. Type yes and press ENTER to continue.

Output
username@194.3.213.1's password:

Copying the Public Key Manually

·         cat ~/.ssh/id_rsa.pub

You will see the key’s content, like this:

Output
ssh-rsa <public_key_data> demo@test

Access your remote host using whichever method you have available.

The following command will create the ~/.ssh directory if necessary, or do nothing if it already exists:

·         mkdir -p ~/.ssh

Next, append the public key to the authorized_keys file within this directory:

·         echo public_key_string >> ~/.ssh/authorized_keys

In the above command, substitute public_key_string with the output from the cat ~/.ssh/id_rsa.pub command. It should start with ssh-rsa NNNN....

Then remove all group and other permissions from the ~/.ssh directory and the files inside it:

·         chmod -R go= ~/.ssh

If you’re using the root account to set up keys for a user account, the ~/.ssh directory must belong to that user and not to root. In this tutorial our user is named john:

·         chown -R john:john ~/.ssh

You can now attempt authentication with the Ubuntu server without a password.
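The manual steps above can be wrapped in one function that is safe to run repeatedly. This is an added example, not part of the original article; the function name install_pubkey and its optional directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# install_pubkey KEY_LINE [SSH_DIR]
# Appends one public key to SSH_DIR/authorized_keys (default: ~/.ssh),
# creating the directory and file with owner-only permissions.
install_pubkey() {
    key_line=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    # A public key is exactly one line: "<type> <base64-data> [comment]".
    if [ "$(printf '%s\n' "$key_line" | wc -l)" -ne 1 ]; then
        echo "refusing multi-line input" >&2
        return 2
    fi
    key_type=$(printf '%s\n' "$key_line" | awk '{ print $1 }')
    key_data=$(printf '%s\n' "$key_line" | awk '{ print $2 }')

    # Rejects a private key pasted by mistake: it begins with "-----BEGIN".
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unrecognized key type: $key_type" >&2; return 2 ;;
    esac
    [ -n "$key_data" ] || { echo "missing key data" >&2; return 2; }

    # Subshell keeps the restrictive umask from leaking into the caller.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    # Same permission fix as the article: drop all group/other access.
    chmod -R go= "$ssh_dir"

    # Skip the append when this exact key (type + data) is already listed.
    if awk -v t="$key_type" -v d="$key_data" \
        '$1 == t && $2 == d { found = 1 } END { exit !found }' "$auth_file"
    then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Usage on the server, with the line printed by: cat ~/.ssh/id_rsa.pub
#   install_pubkey 'ssh-rsa <public_key_data> demo@test'
```

Running it twice with the same key leaves a single entry, which avoids the duplicate lines that repeated echo >> commands produce.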

Step 3 — Authenticating to Your Ubuntu Server Using SSH Keys

·         ssh username@remote_host

If you are connecting for the first time, the output will be as follows:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

Type “yes” and then press ENTER to continue.

Step 4 — Disabling Password Authentication on Your Server

Open the SSH daemon’s configuration file:

·         sudo vi /etc/ssh/sshd_config

Uncomment the following line by removing the #, and set the value to no.

/etc/ssh/sshd_config

. . .
PasswordAuthentication no
. . .

Save and exit, then restart the SSH service to apply the change:

·         sudo systemctl restart ssh

Open a new terminal window and test that the SSH service is functioning correctly before closing your current session:

·         ssh username@remote_host

The SSH daemon on the Ubuntu server now only responds to SSH-key-based authentication. Password-based logins have been disabled.
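sshd uses the first value it obtains for each keyword, so a PasswordAuthentication no line has no effect if an earlier uncommented line already sets it to yes. The following check is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration, and files pulled in through Include are not followed.

```shell
#!/bin/sh
# Added example (not from the original article).
# effective_global FILE KEYWORD
# Prints the value sshd would take for KEYWORD from the global section of
# FILE. sshd uses the first value it obtains for a keyword, so a later
# duplicate line has no effect. Simplification: Include files are not followed.
effective_global() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match"   { exit }   # global section ends at first Match
        tolower($1) == want      { print tolower($2); exit }
    ' "$1"
}

# Succeeds only when password logins are off in the global section.
password_auth_disabled() {
    value=$(effective_global "$1" PasswordAuthentication)
    # An absent keyword falls back to sshd's built-in default, "yes".
    [ "${value:-yes}" = "no" ]
}

# Constructed sample: the line added in Step 4 is shadowed by an earlier one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF

if password_auth_disabled "$sample"; then
    echo "password logins disabled"
else
    echo "password logins still enabled: $(effective_global "$sample" PasswordAuthentication)"
fi
rm -f "$sample"

# On the server itself, let sshd do the parsing:
#   sudo sshd -t                                        # syntax check before restart
#   sudo sshd -T | grep -i '^passwordauthentication'    # effective value
```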
