Unlock the power of secure communication! learn how to effortlessly set up ssh keys on ubuntu 22.04 with our step-by-step guide. enhance your system's security and streamline access to your server with this comprehensive tutorial. master the art of ssh key configuration and fortify your ubuntu environment in minutes!
How to Set Up SSH Keys on Ubuntu 22.04
Explore the Secure World of SSH: Unveiling Encrypted Communication and Administration Protocols for Servers. Whether you're a server administrator or a regular user navigating an Ubuntu server, your primary interaction occurs through SSH, the encrypted protocol ensuring confidentiality.
This tutorial zeroes in on the configuration of SSH keys specifically tailored for Ubuntu 22.04. Elevate your server's security with the establishment of SSH keys, offering a robust and recommended method for logging in securely. Join us as we guide you through the seamless process of fortifying your Ubuntu 22.04 installation.
Step 1 — Creating the Key Pair
Initiate the process by generating a key pair on the client machine, typically your personal computer:
ssh-keygen
After entering the command, you should see the following output:
OutputGenerating public/private rsa key pair. Enter file in which to save the key (/your_home/.ssh/id_rsa):
Press enter to save the key pair into the .ssh/ sub directory in your home directory, or specify an alternate path.
If you had previously generated an SSH key pair, you may see the following prompt:
Output/home/your_home/.ssh/id_rsa already exists. Overwrite (y/n)?
Exercise caution when opting to replace the existing key on disk, as it will render the previous key unusable for authentication. Selecting 'yes' initiates a irreversible, destructive process. Please be mindful of this choice.
Subsequently, you should encounter the following prompt:
OutputEnter passphrase (empty for no passphrase):
Here you optionally may enter a secure passphrase, which is highly recommended. A passphrase adds an additional layer of security to prevent unauthorized users from logging in.
OutputYour identification has been saved in /your_home/.ssh/id_rsa Your public key has been saved in /your_home/.ssh/id_rsa.pub The key fingerprint is: SHA256:/hk7MJ5n5aiqdfTVUZr+2Qt+qCiS7BIm5Iv0dxrc3ks user@host The key's randomart image is: +---[RSA 3072]----+ | .| | + | | + | | . o . | |o S . o | | + o. .oo. .. .o| |o = oooooEo+ ...o| |.. o *o+=.*+o....| | =+=ooB=o.... | +----[SHA256]-----+
You now have a public and private key that you can use to authenticate. The next step is to place the public key on your server so that you can use SSH-key-based authentication to log in.
Copying the Public Key Manually (Recommended)
If you do not have password-based SSH access to your server available, you will have to complete the above process manually.
We will manually append the content of your id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.
To display the content of your id_rsa.pub key, type this into your local computer:
cat ~/.ssh/id_rsa.pub
You will see the key’s content, which should look something like this:
Outputssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCqql6MzstZYh1TmWWv11q5O3pISj2ZFl9HgH1JLknLLx44+tXfJ7mIrKNxOOwxIxvcBF8PXSYvobFYEZjGIVCEAjrUzLiIxbyCoxVyle7Q+bqgZ8SeeM8wzytsY+dVGcBxF6N4JS+zVk5eMcV385gG3Y6ON3EG112n6d+SMXY0OEBIcO6x+PnUSGHrSgpBgX7Ks1r7xqFa7heJLLt2wWwkARptX7udSq05paBhcpB0pHtA1Rfz3K2B+ZVIpSDfki9UVKzT8JUmwW6NNzSgxUfQHGwnW7kj4jp4AT0VZk3ADw497M2G/12N0PPB5CnhHf7ovgy6nL1ikrygTKRFmNZISvAcywB9GVqNAVE+ZHDSCuURNsAInVzgYo9xgJDW8wUw2o8U77+xiFxgI5QSZX3Iq7YLMgeksaO4rBJEa54k8m5wEiEE1nUhLuJ0X/vh2xPff6SQ1BL/zkOhvJCACK6Vb15mDOeCSq54Cr7kvS46itMosi/uS66+PujOO+xt/2FWYepz6ZlN70bRly57Q06J+ZJoc9FfBCbCyYH7U/ASsmY095ywPsBo1XQ9PqhnN1/YOorJ068foQDNVpm146mUpILVxmq41Cj55YKHEazXGsdBIbXWhcrRf4G2fJLRcGUr9q8/lERo9oxRm5JFX6TCmj6kmiFqv+Ow9gI0x8GvaQ== demo@test
Utilize your preferred method to connect to the remote host.
After gaining access to your account on the remote server, ensure the existence of the ~/.ssh directory. Execute the following command, which creates the directory if absent or takes no action if it already exists:
mkdir -p ~/.ssh
At this point, you have the option to create or edit the authorized_keys file within this directory. Append the contents of your id_rsa.pub file to the end of the authorized_keys file, creating it if it doesn't exist, with the following command
echo public_key_string >> ~/.ssh/authorized_keys
In the above command, substitute the public_key_string with the output from the cat ~/.ssh/id_rsa.pub command that you executed on your local system. It should start with ssh-rsa AAAA....
Finally, we’ll ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:
chmod -R go= ~/.ssh
This recursively removes all “group” and “other” permissions for the ~/.ssh/ directory.
If you’re using the root account to set up keys for a user account, it’s also important that the ~/.ssh directory belongs to the user and not to root:
chown -R zabu:zabu ~/.ssh
In this tutorial our user is named zabu but you should substitute the appropriate username into the above command.
We can now attempt passwordless authentication with our Ubuntu server.
Step 3 — Authenticating to Your Ubuntu Server Using SSH Keys
If you have successfully executed any of the aforementioned procedures, you should now be able to access the remote host without entering the password for the remote account.
The fundamental process remains unchanged:
ssh username@remote_host
If this is your first time connecting to this host (if you used the last method above), you may see something like this:
OutputThe authenticity of host '203.0.113.1 (203.0.113.1)' can't be established. ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe. Are you sure you want to continue connecting (yes/no)? yes
This indicates that your local computer is unfamiliar with the remote host. Type "yes" and press ENTER to proceed.
If you didn't set a passphrase for your private key, you will be logged in promptly. In case you provided a passphrase during key creation, you'll be prompted to enter it now (note that your keystrokes won't be visible in the terminal for security). Upon successful authentication, a new shell session will open, connecting you to the configured account on the Ubuntu server.
If key-based authentication was successful, proceed to discover how to enhance system security by disabling password authentication.
