Secure Shell (SSH) is a cryptographic network protocol used for secure connection between a client and a server and supports various authentication mechanisms.
The two most popular mechanisms are password-based authentication and public key-based authentication. The use of SSH keys is more secure and convenient than traditional password authentication.
In this tutorial we will see how to generate SSH keys on Ubuntu 18.04 machines. We will also show you how to configure SSH-based authentication and connect to remote Linux servers without entering a password.
Creating SSH keys on Ubuntu
Before generating a new SSH key pair, first check the existing SSH keys on your Ubuntu client computer. You can do this by running the following command:
If the above command shows something similar
No such file or directory or
no results found means that you do not have the SSH keys on your client machine and you can proceed with the next step and generate an SSH key pair.
If there are existing keys, you can use them and skip the next step or back up the old keys and generate a new one.
Generate a new pair of 4096 bit SSH keys with your email address as a comment by typing:
The output will be similar to this:
Enter the file to save the key (/home/yourusername/.ssh/id_rsa):
log into to accept the default file path and file name.
Next, you will be asked to type in a secure passphrase. Whether you want to use the passphrase, it's up to you. If you choose to use the passphrase you will get an additional level of security.
Insert passphrase (empty for no passphrase):
If you do not want to use the passphrase, simply press
The whole interaction looks like this:
To verify that the new SSH key pair has been generated, type:
Copy the public key to the Ubuntu server
Now that you have generated the SSH key pair, the next step is to copy the public key to the server you want to manage.
The easiest and most recommended way to copy your public key to the server is to use a caller
ssh-copy-id. On your local machine terminal type:
You will be asked to enter the
remoteusername Order word:
Once the user is authenticated, the public key
~ / .ssh / id_rsa.pub will be added to the remote user
~ / .ssh / authorized_keys the file and the connection will be closed.
Number of keys added: 1 Now try to access the machine, with: "ssh"[email protected]_IP address & # 39; " and check to make sure that only the keys you wanted were added.
If for some reason the
ssh-copy-id the utility is not available on your local computer you can use the following command to copy the public key:
cat ~ / .ssh / id_rsa.pub | SSH [email protected]_IP address "mkdir -p ~ / .ssh && cat >> ~ / .ssh / authorized_keys"
Access your server using SSH keys
After completing the previous steps, you should be able to access the remote server without requiring a password.
To try it, just try to access your server via SSH:
If you have not set a passphrase for the private key, you will be logged in immediately. Otherwise you will be asked to enter the passphrase.
Disable SSH password authentication
To add an extra layer of security to your server, you can disable password authentication for SSH.
Before disabling SSH password authentication, make sure you can access your server without a password and the user with whom you are logging in has sudo privileges.
Access your remote server:
Open the SSH configuration file
/ Etc / ssh / sshd_config with your text editor:
sudo nano / etc / ssh / sshd_config
Look for the following directives and edit as follows:
/ Etc / ssh / sshd_config
PasswordAuthentication no ChallengeResponseAuthentication no UsePAM no
Once finished, save the file and restart the SSH service by typing:
sudo systemctl restart ssh
At this point, password-based authentication is disabled.
In this tutorial, you learned how to generate a new SSH key pair and set up SSH key authentication. You can add the same key to multiple remote services. We also showed you how to disable SSH password authentication and add an additional layer of security to your server.
If you have any questions or comments, feel free to leave a comment.