mich0w0h
Posted on March 14, 2024
In this article, I'll share my experience setting up secure SSH access to my Ubuntu server using public key cryptography. This method eliminates the need to type passwords every time, making connections faster and more secure. Let's dive in!
Prerequisites
- Local machine with a terminal window (e.g., Bash, PowerShell)
- Ubuntu server on the same local network
Generating the Keys
Open a terminal window on your local machine.
Generate a key pair using the following command, replacing your_email@example.com with your actual email address:
ssh-keygen -t ed25519 -C "your_email@example.com"
Press Enter to accept the default location (usually ~/.ssh) for saving the key pair. If prompted, enter a strong passphrase for added security (highly recommended). The private key will be named id_ed25519 (or id_rsa for older SSH versions), and the public key will be named id_ed25519.pub (or id_rsa.pub).
Copying the Public Key (with ssh-copy-id)
Enable SSH password authentication on the server temporarily (you can disable it later).
Copy the public key to the server using ssh-copy-id:
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@192.168.10.100
Replace username with your server's username and 192.168.10.100 with your server's IP address. Enter the server's password when prompted.
Connecting with SSH Keys
- From your local machine, try connecting to the server using SSH:
ssh -i ~/.ssh/id_ed25519 username@192.168.10.100
If you set a passphrase, you'll be prompted to enter it now.
Disabling Password Authentication (Optional)
On the server, edit the sshd_config file using a text editor (e.g., nano):
sudo nano /etc/ssh/sshd_config
Locate the line that reads #PasswordAuthentication yes. Uncomment the line by removing the # symbol at the beginning and set PasswordAuthentication no.
Search for any included configuration files (e.g., sshd_config.d/*) that might override PasswordAuthentication settings. Edit them if necessary to set PasswordAuthentication no. (In my case, PasswordAuthentication yes was set by default in /etc/sshd_config.d/ and it overwrote the configuration of ssh_config.)
Save the changes and restart the SSH service:
sudo systemctl restart ssh
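Why an included file can win over the edit to sshd_config, as an added example (not code from the original post): sshd keeps the first value it reads for a keyword and expands Include lines in place, so this sketch walks a config tree in that order and reports the file and line that decide the keyword. The function names, the sample tree and the 50-sample.conf file name are constructed for illustration; Match blocks are not evaluated, and relative Include patterns are resolved against the main file's directory.

```sh
#!/bin/sh
# Added example: report which file decides a global sshd keyword.
# sshd uses the FIRST value it obtains for a keyword, and Include lines are
# expanded where they appear, so an early Include beats a later line.
# Assumptions: Match blocks are not evaluated, paths contain no spaces, and
# relative Include patterns are resolved against the main file's directory.

# scan_sshd_keyword FILE KEYWORD [BASEDIR] -> prints "value<TAB>file:line"
scan_sshd_keyword() (
    file=$1; base=${3:-$(dirname "$1")}
    want=$(printf %s "$2" | tr 'A-Z' 'a-z')
    [ -r "$file" ] || return 1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- ${line%%#*}; set +f   # drop comments, split into words
        [ $# -gt 0 ] || continue
        key=$(printf %s "$1" | tr 'A-Z' 'a-z'); shift
        case $key in
            match) break ;;                  # conditional block: out of scope
            include)
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$base/$pat ;; esac
                    for inc in $pat; do      # glob expands in sorted order
                        scan_sshd_keyword "$inc" "$want" "$base" && return 0
                    done
                done ;;
            "$want") printf '%s\t%s:%s\n' "$1" "$file" "$n"; return 0 ;;
        esac
    done <"$file"
    return 1
)

# Constructed sample tree: the included file says "yes", the main file "no".
make_sample_tree() {
    mkdir -p "$1/sshd_config.d"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PasswordAuthentication yes' \
        'PasswordAuthentication no' >"$1/sshd_config"
    printf '%s\n' 'PasswordAuthentication yes' >"$1/sshd_config.d/50-sample.conf"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
scan_sshd_keyword "$tmp/sshd_config" PasswordAuthentication
rm -rf "$tmp"
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually applies, which is the check to run after the restart.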
Host-Specific Configuration (Optional):
On your local machine, create a new file named config (if it doesn't exist) inside the ~/.ssh directory using a text editor.
Add the following lines to the config file, replacing 192.168.10.100 with your actual server's address, username with your server's username, and id_ed25519 with the actual filename of your private key (if different):
Host 192.168.10.100
User username
IdentityFile ~/.ssh/id_ed25519
Now, whenever you use ssh username@192.168.10.100, OpenSSH will automatically use the appropriate key for a streamlined connection.
Connecting with Ease:
Finally, test your connection! Simply run the following command from your local machine:
ssh username@192.168.10.100
You should be logged in to your server without needing to enter a password!