
How to: Setup Public Key Authentication on Ubuntu

created by BasicSysAdmin

Tags: Linux, Ubuntu, Ubuntu 14.04, SSH, Ubuntu 16.04

Oct 04, 2016

Introduction

In this tutorial, I will show you how to set up OpenSSH so that you can log in securely with SSH keys. This is very useful as it adds an extra level of authentication and also works as great protection against people trying to guess your passwords!
https://www.youtube.com/watch?v=RY8rrLyYQec
Prerequisites

In order to follow this tutorial, you will need the following:

  • Ubuntu Machine
  • OpenSSH-Server installed
  • Sudo privileges (or root access)

    Generating the SSH Key

    The first thing we need to do is run the ssh-keygen command, which will automatically generate the SSH login key for us. Make sure to do this as the user you plan to log in with. You will then be prompted to answer a few questions. I will explain each of these in the sections below; you can also see a screenshot of what this looks like below.

    ssh-keygen


    Save Location

    The first question asks where you would like to save this file. By default, it will be in your user directory, inside a directory called .ssh, with the name id_rsa. If you are happy with this, just press Enter. If you plan on generating multiple keys, it is a good idea to enter the full path followed by the file name, as seen below.

    Enter file in which to save the key (/home/wilson18/.ssh/id_rsa):
    /home/wilson18/.ssh/my_key

    Passphrase

    The next question asks whether you want to choose a passphrase to protect this key. If you have security in mind, you should come up with a secure passphrase for this. If not, you can just leave this blank. Beware, if you do type something in, it will not show up on screen!

    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:


    File Permissions

    The next step is to make sure that the keys created have the appropriate permissions. If you do not do this, it will not work. Change to the directory you saved the keys in, then set the directory so that only the owner can read, write and execute, and set the files within the directory so that only the owner can read and write.

    cd ~/.ssh;
    chmod 700 ~/.ssh;
    chmod 600 ~/.ssh/*;
    ls

    You can also run the ls command to list everything, which should output the following:

    id_rsa id_rsa.pub

    After this, we can add the public key to our authorised keys file. We can do this with the following command:

    cat id_rsa.pub >> authorized_keys

    You then need to make sure that this file has the correct permissions.

    chmod 600 ~/.ssh/*;

    Editing the SSH Config File

    The next step is to enable this option in our SSH config file. To do this, I will be using the editor nano but feel free to use another if you prefer that one!

    sudo nano /etc/ssh/sshd_config

    Enable the Authorised Keys file

    This will probably be a large file but you will need to keep scrolling and find the line below. When you find this, you will need to remove the # symbol. This will enable the use of the file we created earlier.

    #AuthorizedKeysFile %h/.ssh/authorized_keys

    OPTIONAL - Disable password authentication

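    If you would like to disable password logins, you can follow this step. Only do so once you have confirmed that you can log in with your key, because after this change the key is the only way in over SSH. The other line to look out for is where it says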

    #PasswordAuthentication yes

    This should be replaced with

    PasswordAuthentication no

    Saving and restarting

    When you have made the above changes, you can now save and exit. To save the file in Nano, you will need to press Ctrl + O and then Enter. To exit, you can press Ctrl + X. You can then restart the SSH Service using the following command.

    sudo service ssh restart
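
Before restarting, it helps to confirm which values sshd will actually read, because sshd uses the first uncommented occurrence of a keyword and ignores later ones. The script below is an added example, not part of the original tutorial: it runs against constructed sample files, the function names are hypothetical, and it assumes whitespace-separated keyword and value with no Match blocks or Include files in play.

```shell
#!/bin/sh
# Added example (not from the original tutorial). The config text below is
# constructed sample data, not a real server's file.

# effective_value FILE KEYWORD [DEFAULT]
# Prints the value from the global section of an sshd_config-style file:
# keywords are case-insensitive, '#' lines are comments, and the first
# uncommented occurrence wins. Stops reading at the first Match block.
effective_value() {
    awk -v key="$2" -v def="${3:-}" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0; exit }
        END { print val }
    ' "$1"
}

# password_login_disabled FILE: exit 0 only if PasswordAuthentication is "no".
# "yes" is the sshd default when the keyword is absent or commented out.
password_login_disabled() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ]
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# 1. File as the tutorial finds it: both lines still commented out.
printf '%s\n' '#AuthorizedKeysFile %h/.ssh/authorized_keys' \
    '#PasswordAuthentication yes' > "$SAMPLES/untouched"

# 2. File edited as the tutorial describes.
printf '%s\n' 'AuthorizedKeysFile %h/.ssh/authorized_keys' \
    'PasswordAuthentication no' > "$SAMPLES/edited"

# 3. Mistake: "no" appended at the end while an earlier "yes" is active.
printf '%s\n' 'passwordauthentication yes' \
    'AuthorizedKeysFile %h/.ssh/authorized_keys' \
    'PasswordAuthentication no' > "$SAMPLES/shadowed"

for f in untouched edited shadowed; do
    if password_login_disabled "$SAMPLES/$f"; then state=disabled; else state=ENABLED; fi
    printf '%-10s password logins %s, keys file: %s\n' "$f" "$state" \
        "$(effective_value "$SAMPLES/$f" AuthorizedKeysFile '(default)')"
done
```

On a real server, `sudo sshd -t` checks /etc/ssh/sshd_config for syntax errors before you restart, and `sudo sshd -T` prints the effective settings.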


    Connecting to the Server with the SSH Keys

    The method you use to connect depends on the system you are using. Please follow the appropriate guide below.
  • Using a SSH Key to connect on Windows using Putty
  • Connect to any unix machine via SSH using a private key.