Setup SSH Key Authentication on Ubuntu

This post instructs students, and new users how to install and configure SSH for a passwordless key login on Ubuntu Linux. It explains key-based authentication as a secure method for managing SSH servers. Users learn how to create an SSH key pair, copy the public key onto a remote server, and configure SSH for passwordless…

This article explains how to install and configure SSH with key login with no password or passwordless. SSH supports various authentication methods. Using a public key is more secure and convenient than traditional password authentication.

SSH (Secure Shell) is a communication protocol that allows for secure communication between networked computers. SSH allows you to securely access and manage your server from anywhere. This is especially useful for system administrators or users who need to work remotely.

Using this post, you’ll learn how to set up an SSH key-based authentication on Ubuntu Linux and log in without entering a password.

SSH allows for key-based authentication, which is more secure than using passwords. You can generate a public/private key pair, add the public key to your server, and log in without needing to enter a password.

Overall, setting up SSH on Ubuntu enhances your ability to manage your system securely and efficiently.

Create SSH keys keypair

As mentioned above, key-based authentication is the most secure way to log on to an SSH server. If you haven’t already created an SSH key, run the commands below to create one.

The command below generates a new 4096 bits SSH key pair with your email address as a comment.

ssh-keygen -t rsa -b 4096 -C "[email protected]"

After running the commands above, you’ll be prompted to specify a filename for the keys. In most cases, the default location and filename should work.

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Next, you’ll be asked to type a secure passphrase. A passphrase adds an extra layer of security, so you must type the passphrase before you use the key to log in to the remote machine.

Enter passphrase (empty for no passphrase):

Press ENTER without typing a passphrase.

On your screen, the entire interaction should look similar to the one below.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/richard/.ssh/id_rsa): 
Created directory '/home/richard/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/richard/.ssh/id_rsa
Your public key has been saved in /home/richard/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:F217Tplf9iVDvyTRBRfkeXEdQfCugtgC16BrpRqQYpE [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|             .=OO|
|  .        .  +.*|
| E     .  . o..=.|
|  o   . o  o oo+.|
|.+   o oS.. ..Bo=|
|o .   * o..  ++==|
|   . + o o . ...o|
|    +   .   .    |
|   .             |
+----[SHA256]-----+

Once done, two new files should be created in your home directory (id_rsa and id_rsa.pub).

That’s it! You have successfully created a key pair.

Copy the public key to target system

Now that you have a keypair, your next step is to copy your public key (id_rsa.pub) to the remote server. There are multiple ways to do it. The easiest and recommended way to copy the public key to the server is to use the ssh-copy-id tool.

Run the command below to copy your public key to a remote server.

ssh-copy-id username@server_ip_address

Replace the username and server_ip_address with your account on the remote server.

Since key-based authentication isn’t yet configured, you’ll be prompted to type in your SSH password.

Once authenticated, the public key ~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file, and the connection will be closed.

[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Configure SSH for passwordless login

After you’ve copied your public key, the next step is turning off password authentication.

Log on to the remote server with your password, then open the SSH configuration file by running the commands below.

sudo nano /etc/ssh/sshd_config

In the file, find the lines below and change the value to match these.

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save the file and exit.

Restart the SSH server on the remote host.

sudo systemctl restart ssh

After that, password login should be disabled.

Next type simply typing the command below will log you in without a password prompt.

ssh username@server_ip_address

That should do it!

Conclusion:

This post showed you how to set up key-based SSH authentication on Ubuntu Linux. Please use the comment form if you find errors or want to add something below.

Richard Avatar

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *