Configure SSH Key-Based Authentication for Ubuntu 22.04

mich0w0h

Posted on March 14, 2024

In this article, I'll share my experience setting up secure SSH access to my Ubuntu server using public key cryptography. This method eliminates the need to type passwords every time, making connections faster and more secure. Let's dive in!

Prerequisites

  • Local machine with a terminal window (e.g., Bash, PowerShell)
  • Ubuntu server on the same local network

Generating the Keys

  1. Open a terminal window on your local machine.

  2. Generate a key pair using the following command, replacing your_email@example.com with your actual email address:

   ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default location (usually ~/.ssh) for saving the key pair. If prompted, enter a strong passphrase for added security (highly recommended). The private key will be named id_ed25519 (or id_rsa for older SSH versions), and the public key will be named id_ed25519.pub (or id_rsa.pub).

Copying the Public Key (with ssh-copy-id)

  1. Enable SSH password authentication on the server temporarily (you can disable it later).

  2. Copy the public key to the server using ssh-copy-id:

   ssh-copy-id -i ~/.ssh/id_ed25519.pub username@192.168.10.100

Replace username with your server's username and 192.168.10.100 with your server's IP address. Enter the server's password when prompted.

Connecting with SSH Keys

  1. From your local machine, try connecting to the server using SSH:

   ssh -i ~/.ssh/id_ed25519 username@192.168.10.100

If you set a passphrase, you'll be prompted to enter it now.

Disabling Password Authentication (Optional)

  1. On the server, edit the sshd_config file using a text editor (e.g., nano):

   sudo nano /etc/ssh/sshd_config

  2. Locate the line that reads #PasswordAuthentication yes.

  3. Uncomment the line by removing the # symbol at the beginning and set PasswordAuthentication no.

  4. Search for any included configuration files (e.g., sshd_config.d/*) that might override PasswordAuthentication settings. Edit them if necessary to set PasswordAuthentication no. (In my case, PasswordAuthentication yes was set by default in /etc/sshd_config.d/ and it overwrote the configuration of ssh_config.)

  5. Save the changes and restart the SSH service:

   sudo systemctl restart ssh
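
The override described in the steps above happens because sshd keeps the first value it obtains for a keyword, so a drop-in pulled in by an Include line that comes before your edit wins. The script below is an added example, not part of the original article: it lists every global PasswordAuthentication directive in read order and reports the effective one. The names scan_file and effective_password_auth are made up here, and Match blocks are ignored as a simplification.

```sh
#!/bin/sh
# Added example, not from the original article. Lists every global
# PasswordAuthentication directive in the order sshd reads it. sshd keeps the
# first value it obtains for a keyword, so the first line printed wins.
# The function names are made up for this example.

# scan_file FILE BASEDIR: print "file:line: value" for each directive and
# follow Include (globs allowed) at the point where it appears. The body is a
# subshell "( ... )" so recursion does not clobber the caller's variables.
scan_file() (
    file=$1 base=$2 n=0
    [ -r "$file" ] || exit 0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- ${line%%#*}; set +f   # drop comment, split into words
        [ $# -gt 0 ] || continue
        kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
        case $kw in
            match) break ;;                  # simplification: ignore Match blocks
            include)
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$base/$pat ;; esac
                    for f in $pat; do scan_file "$f" "$base"; done
                done ;;
            passwordauthentication) echo "$file:$n: $1" ;;
        esac
    done <"$file"
)

# effective_password_auth MAIN_CONFIG: value of the first directive found, or
# "yes" (sshd's built-in default) when no file sets it.
effective_password_auth() {
    first=$(scan_file "$1" "$(dirname "$1")" | head -n 1)
    if [ -n "$first" ]; then echo "${first##*: }"; else echo yes; fi
}

# Usage: sudo sh check_pwauth.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    scan_file "$1" "$(dirname "$1")"
    echo "effective: $(effective_password_auth "$1")"
fi
```

On the server itself, sudo sshd -T prints the configuration sshd actually resolves, which is the authoritative check after the restart.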

Host-Specific Configuration (Optional):

  1. On your local machine, create a new file named config (if it doesn't exist) inside the ~/.ssh directory using a text editor.

  2. Add the following lines to the config file, replacing 192.168.10.100 with your actual server's address, username with your server's username, and id_ed25519 with the actual filename of your private key (if different):

   Host 192.168.10.100
       User username
       IdentityFile ~/.ssh/id_ed25519

Now, whenever you use ssh username@192.168.10.100, OpenSSH will automatically use the appropriate key for a streamlined connection.

Connecting with Ease:

Finally, test your connection! Simply run the following command from your local machine:

ssh username@192.168.10.100

You should be logged in to your server without needing to enter a password!
