Linux Tutorials

Ubuntu 18.04 Setup SSH Public Key Authentication

I am a brand new Ubuntu 18.04 LTS person and I want to setup ssh public key authentication. How do I arrange ssh keys primarily based authentication on Ubuntu Linux 18.04 LTS server? How do I arrange SSH keys on an Ubuntu Linux 18.04 LTS server? In Ubuntu 18.04 LTS, how do I arrange public key authentication?

Introduction: OpenSSH is a free and open supply consumer/server know-how for safe distant login. It’s an implementation of the SSH protocol. OpenSSH divided into sshd (server) and numerous consumer instruments akin to sftp, scp, ssh and extra. One can do distant login with OpenSSH both utilizing password or mixture of personal and public keys named as public key primarily based authentication. It’s an alternate safety technique for person passwords. This technique is advisable on a VPS, cloud, devoted and even home-based server or laptop computer. This web page exhibits how you can arrange SSH keys on Ubuntu 18.04 LTS server.

Ubuntu 18.04 Setup SSH Public Key Authentication

The process to arrange safe ssh keys on Ubuntu 18.04:

Create the important thing pair utilizing ssh-keygen command.Copy and set up the general public key utilizing ssh-copy-id command.Add your self to sudo admin account on Ubuntu 18.04 server.Disable the password login for root account on Ubuntu 18.04.

Pattern arrange for SSH Keys on Ubuntu 18.04

Ubuntu 18.04 Setup SSH Public Key AuthenticationFig.01: Learn how to arrange SSH keys on Ubuntu 18.04 (pattern setup)
The place, – You retailer your public key on the distant hosts and you’ve got an accounts on this Ubuntu Linux 18.04 LTS server.Linux/macbook laptop computer – Your non-public key stays on the desktop/laptop computer/laptop (or native server) you utilize to connect with server. Don’t share or give your non-public file to anybody.

In public key primarily based technique you’ll be able to log into distant hosts and server, and switch recordsdata to them, with out utilizing your account passwords. Be happy to interchange and consumer names together with your precise setup. Sufficient discuss, let’s arrange public key authentication on Ubuntu Linux 18.04 LTS.

Learn how to create the RSA/ed25519 key pair in your native desktop/laptop computer

Open the Terminal and kind following instructions if .ssh listing doesn’t exists:
$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
Subsequent generate a key pair for the protocol, run:
$ ssh-keygen
$ ssh-keygen -t rsa 4096 -C “My key for Linode server”
Nowadays ED25519 keys are favored over RSA keys when backward compatibility isn’t wanted:
$ ssh-keygen -t ed25519 -C “My key for Linux server # 42”
Ubuntu 18.04 create the RSA or ed25519 key pair

Learn how to set up the general public key in Ubuntu 18.04 distant server

The syntax is as follows:
ssh-copy-id your-user-name@your-ubuntu-server-name
ssh-copy-id -i ~/.ssh/ your-user-name@your-ubuntu-server-name
For instance:
## for RSA KEY ##
ssh-copy-id -i $HOME/.ssh/ person@
## for ED25519 KEY ##
ssh-copy-id -i $HOME/.ssh/ person@
## set up SSH KEY for root person ##
ssh-copy-id -i $HOME/.ssh/ root@

I’m going to put in ssh key for a person named vivek (kind command in your laptop computer/desktop the place you generated RSA/ed25519 keys):
$ ssh-copy-id -i ~/.ssh/ vivek@
Copy SSH Public Key to Ubuntu 18.04 LTS Server

Take a look at it

Now strive logging into the Ubuntu 18.04 LTS server, with ssh command out of your consumer laptop/laptop computer utilizing ssh keys:
$ ssh your-user@your-server-name-here
$ ssh vivek@
Authenticate to Ubuntu 18.04 LTS Server Using SSH Keys

What are ssh-agent and ssh-add, and the way do I take advantage of them on Ubuntu 18.04?

To eliminate a passphrase for the present session, add a passphrase to ssh-agent (see ssh-agent command for more information) and you’ll not be prompted for it when utilizing ssh or scp/sftp/rsync to connect with hosts together with your public key. The syntax is as follows:
$ eval $(ssh-agent)
Sort the ssh-add command to immediate the person for a personal key passphrase and provides it to the listing maintained by ssh-agent command:
$ ssh-add
Enter your non-public key passphrase. Now strive once more to log into vivek@ and you’ll NOT be prompted for a password:
$ ssh vivek@

Learn how to disable the password primarily based login on a Ubuntu 18.04 server

Login to your server, kind:
## consumer instructions ##
$ eval $(ssh-agent)
$ ssh-add
$ ssh vivek@
Now login as root person:
$ sudo -i
$ su -i
Edit sshd_config file:
# vim /and many others/ssh/sshd_config
# nano /and many others/ssh/sshd_config
Discover PermitRootLogin and set it as follows:
PermitRootLogin no
Save and shut the file. I’m going so as to add a person named vivek to sudoers group on Ubuntu 18.04 server in order that we will run sysadmin duties:
# adduser vivek sudo
Restart/reload the sshd service:
# systemctl reload ssh
You possibly can exit from all session and check it as follows:
$ ssh vivek@
## grow to be root on server for sysadmin activity ##
$ sudo -i

How do I add or substitute a passphrase for an present non-public key?

To to vary your SSH passphrase kind the next command:
$ ssh-keygen -p

How do I backup my present non-public/public SSH keys

Simply copy recordsdata to your backup server or exterior USB pen/arduous drive:

## Copy recordsdata to house primarily based nas server ##
rsync -avr $HOME/.ssh person@house.nas-server:/path/to/encrpted/nas/partition/
## Copy recordsdata to usb pen drive mounted at /mnt/usb ##
cp -avr $HOME/.ssh/ /mnt/usb/backups/

How do I shield my ssh keys?

All the time use a robust passphrase.Don’t share your non-public keys anyplace on-line or retailer in insecure cloud storage or gitlab/github servers.Limit privileges of the account.

Tip: Create and setup an OpenSSH config file to create shortcuts for servers

See how you can create and use an OpenSSH ssh_config file for more information.

How do I safe my OpenSSH server?

See “OpenSSH Server Finest Safety Practices” for more information.


You realized how you can create and set up ssh keys for SSH key-based authentication for Ubuntu Linux 18.04 LTS server. See OpenSSH server paperwork right here and right here for more information.

Posted by: Vivek Gite

The writer is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a coach for the Linux working system/Unix shell scripting. Get the newest tutorials on SysAdmin, Linux/Unix and open supply matters through RSS/XML feed or weekly electronic mail publication.

Source link

Related Articles

Back to top button