Friday, December 27, 2024
Google search engine
HomeSecurity & TestingHow to Generate SSH Keys on Ubuntu

How to Generate SSH Keys on Ubuntu

Introduction

Creating an SSH (Secure Shell) connection is essential for effectively managing a remote server. Encrypted SSH keys are access credentials used to establish a secure connection.

This guide will show you how to generate SSH keys on Ubuntu. It will also cover setting up SSH key-based authentication to connect to a remote server without a password.

How to generate SSH keys on Ubuntu.How to generate SSH keys on Ubuntu.

Prerequisites

  • A server running Ubuntu 18.04 or later.
  • SSH enabled on Ubuntu.
  • A user account with sudo privileges.
  • Access to a terminal window/command line.

Creating SSH keys on Ubuntu

The SSH key generation process creates two keys:

  • A public key, which the server uses to identify the client.
  • A private key, which you will need to keep secure. The secure private key ensures that you are the only person who can encrypt the data using the public key.

Follow the steps below to create the public-private key pair.

Step 1 – Generate SSH Key Pair

Generate a pair of SSH keys on the client system. The client system is the machine that connects to the SSH server.

1. Create a directory named .ssh in the home directory. The -p option ensures the system does not return an error if the directory exists.

mkdir –p $HOME/.ssh

2. Change permissions of the directory to give the user read, write, and execute privileges:

chmod 0700 $HOME/.ssh

3. Execute the ssh-keygen command to create an RSA key pair.

ssh-keygen

4. When prompted, provide the path to the key file. If you press Enter without typing a file path, the key will be stored in the .ssh directory under the default file name id_rsa.

5. The system asks you to create a passphrase as an added layer of security. Input a memorable passphrase, and press Enter.

The output shows that the keys have been created successfully.

The output of the ssh-keygen command shows that the key pair has been generated successfully.The output of the ssh-keygen command shows that the key pair has been generated successfully.

Alternatively, create keys using the RSA 4096 encryption for extra security:

ssh-keygen -t rsa -b 4096

Note: If a key pair with the same name exists, new keys will overwrite the information in the file, and the old keys will not work anymore.

Step 2 – Copy Public Key to Ubuntu Server

After you obtain the key pair, use the public key to authenticate the client on the server.

1. Get the IP address of the Ubuntu server you want to connect to. In the server’s terminal window, enter the following command:

ip a

Find the system’s IP address in the relevant network device section:

Command displays current IP address as part of copying the public key.Command displays current IP address as part of copying the public key.

2. On the client system, use the ssh-copy-id command to copy the identity information to the Ubuntu server. Use the -i option to specify the key you want to share:

ssh-copy-id -i [ssh-key-location] [username]@[server-ip-address]

If this is the first time you connect to the server, you may see a message that the authenticity of the host cannot be established. Type yes and press Enter to proceed.

3. Enter the password for the server user account.

Copying the credentials to the server using the ssh-copy-id command.Copying the credentials to the server using the ssh-copy-id command.

The system copies the contents of the ~/.ssh/id_rsa.pub from the client system into the ~/.ssh/authorized_keys file on the server.

Alternate Method to Manually Copy the SSH Key

If your system does not have the ssh-copy-id command, you can copy the key manually.

1. Use the following command to print the public key to the standard output:

cat ~/.ssh/id_rsa.pub
Manually copying the public SSH key.Manually copying the public SSH key.

2. Select the entire key and press Control + Shift + C to copy it.

3. Log in to the SSH server using password authentication.

ssh [username]@[remote_host]

Note: If the password authentication is disabled on the server, you cannot establish an SSH connection manually. In this case, the only way to access the server is via a console. If you do not have console access, the server is unreachable, and the process cannot be completed.

4. Create the .ssh directory and the authorized_keys file on the server.

mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys

5. Set the necessary permissions.

chmod -R go= ~/.ssh

6. Append the public key you copied in Step 2 of this section to the authorized_keys file.

If you connected via SSH, use the following command:

echo "[paste-public-ssh-key-here]" >> ~/.ssh/authorized_keys

Warning: The >> symbol is used to append content to a file. The > symbol overwrites the file contents. Always double-check that you are using the correct symbol to avoid overwriting important data.

If you are accessing the server via console, open the authorized_keys file in a text editor:

vi ~/.ssh/authorized_keys

Add the key manually at the bottom of the file and save the file.

Step 3 – Log in to the Remote Server

To log in to a remote server, enter the following command on the client system:

ssh [username]@[server-ip]

The system does not ask for a password since it negotiates a secure connection using the SSH keys. Enter the security passphrase.

A successful SSH log in attempt.A successful SSH log in attempt.

Note: In some instances, SSH may refuse the connection and print the “Connection Refused” error. Fix this problem by referring to How to Fix the SSH “Connection Refused” Error.

Step 4 – Disable Password Authentication

The following step creates an added layer of security. If you are the only person logging into the server, you can disable password authentication. The server will only accept the login from the client with the private key that matches the stored public key.

1. Open the sshd_config file in a text editor:

sudo nano /etc/ssh/sshd_config

2. Search the file and find the PasswordAuthentication line.

3. Edit the file and change the value to no:

Editing the SSH server configuration file.Editing the SSH server configuration file.

Save the file and exit.

4. Restart the SSH service:

sudo systemctl restart ssh

The server now stops accepting passwords as an authentication method.

Conclusion

By following the instructions in this tutorial, you have set up SSH-key-based authentication on an Ubuntu server. The connection is now highly secure, using unique, encrypted SSH keys.

Learn more about SSH by reading 19 Most Common SSH Commands in Linux.

Was this article helpful?
YesNo

RELATED ARTICLES

Most Popular

Recent Comments