Setup SSH Key Authentication on Ubuntu

Create SSH keys keypair

As mentioned above, key-based authentication is the most secure way to log on to an SSH server. If you haven’t already created an SSH key, run the commands below to create one.

The command below generates a new 4096 bits SSH key pair with your email address as a comment.

ssh-keygen -t rsa -b 4096 -C "your_username@example.com"

After running the commands above, you’ll be prompted to specify a filename for the keys. In most cases, the default location and filename should work.

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Next, you’ll be asked to type a secure passphrase. A passphrase adds an extra layer of security, so you must type the passphrase before you use the key to log in to the remote machine.

Enter passphrase (empty for no passphrase):

Press ENTER without typing a passphrase.

On your screen, the entire interaction should look similar to the one below.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/richard/.ssh/id_rsa): 
Created directory '/home/richard/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/richard/.ssh/id_rsa
Your public key has been saved in /home/richard/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:F217Tplf9iVDvyTRBRfkeXEdQfCugtgC16BrpRqQYpE admin@example.com
The key's randomart image is:
+---[RSA 4096]----+
|             .=OO|
|  .        .  +.*|
| E     .  . o..=.|
|  o   . o  o oo+.|
|.+   o oS.. ..Bo=|
|o .   * o..  ++==|
|   . + o o . ...o|
|    +   .   .    |
|   .             |
+----[SHA256]-----+

Once done, two new files should be created in your home directory (id_rsa and id_rsa.pub).

That’s it! You have successfully created a key pair.

Copy the public key to target system

Now that you have a keypair, your next step is to copy your public key (id_rsa.pub) to the remote server. There are multiple ways to do it. The easiest and recommended way to copy the public key to the server is to use the ssh-copy-id tool.

Run the command below to copy your public key to a remote server.

ssh-copy-id username@server_ip_address

Replace the username and server_ip_address with your account on the remote server.

Since key-based authentication isn’t yet configured, you’ll be prompted to type in your SSH password.

Once authenticated, the public key ~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file, and the connection will be closed.

richard@10.0.2.17's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'richard@10.0.2.17'"
and check to make sure that only the key(s) you wanted were added.

Configure SSH for passwordless login

After you’ve copied your public key, the next step is turning off password authentication.

Log on to the remote server with your password, then open the SSH configuration file by running the commands below.

sudo nano /etc/ssh/sshd_config

In the file, find the lines below and change the value to match these.

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save the file and exit.

Restart the SSH server on the remote host.

sudo systemctl restart ssh

After that, password login should be disabled.

Next type simply typing the command below will log you in without a password prompt.

ssh username@server_ip_address

That should do it!

Conclusion:

This post showed you how to set up key-based SSH authentication on Ubuntu Linux. Please use the comment form if you find errors or want to add something below.