How To Set Up SSH for an Ubuntu 16.04 VPS From a Linux Client

How to set up ssh private key authentication on an Ubuntu 16.04 server with a Linux client

In this tutorial, we demonstrate how to ssh into a remote Ubuntu 16.04 server using private key authentication from any Linux local machine, in this case, CentOS 7.

Special Note: SSH is installed by default on Ubuntu. However, if it’s not installed for some reason, you can install using this command:

$ sudo apt-get install openssh-server

 

$ ssh-keygen

Confirm that ssh key-pair id_rsa and id_rsa.pub has been produced at the user’s home directory /home/linuxuser/.ssh.

Copy the SSH Public Key in the Remote Ubuntu 16.04 Server

First Option: Use ssh-copy-id

Run the command.

$ ssh-copy-id linuxuser@ubuntu16-hostadvice

This option copies and adds the public key (id_rsa.pub) automatically to the remote user’s home directory’s .ssh/authorized_keys file. You can confirm this by logging into the remote Ubuntu 16.04 server and opening the user’s home directory .ssh/authorized_keys file using an editor like vim or nano.

Second Option: Copy the Public Key Manually

First, create the directory named “.ssh” in the home folder of remote user account “linuxuser”.

$ mkdir -p ~/.ssh

OR

$ mkdir -p /home/linuxuser/.ssh

Then, create a file named “authorized_keys” by running the command.

$ nano ~/.ssh/authorized_keys

Then paste the public key from the clipboard into nano editor and save by pressing “Ctrl-O”.

Set the correct permissions of the directory and file.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

Then, restart the sshd service.

$ sudo systemctl restart sshd

Now, test if the ssh key pair is really working.

Test ssh key pair functionality

Log into the remote Ubuntu 16.04 from the Centos 7 local machine.

$ ssh -i ~/.ssh/id_rsa linuxuser@ubuntu16-hostadvice

OR simply

$ ssh linuxuser@ubuntu16-hostadvice

Upon successful authentication and login, you should be in your remote user’s terminal.

Since it’s verified that the ssh key-pair is working as required, it’s a BEST practice to disable password authentication in the server by editing the ssh configuration file “sshd_config”.  This is to eliminate any risk of brute force attack via password cracking.

Edit the sshd_config file

Let’s edit the configuration file by running command:

$ sudo vim /etc/ssh/sshd_config

See figure 13. Set value of PasswordAuthentication to “no”

PasswordAuthentication no

Modify settings in sshd_config

Uncomment and set other important settings in the config file as follows and save the file. (See figure 13)

PubkeyAuthentication yes
AuthorizedKeyFile    .ssh/authorized_keys
ChallengeResponseAuthentication no

Restart the sshd service to enable the changes in the config file by running the command.

$ sudo systemctl restart sshd

From now on, it’s possible to log into the server using ssh keys ONLY and NOT A PASSWORD.

This is not yet over. The UFW (Uncomplicated Firewall) has to be set up to filter ssh through the firewall.

Configure ufw (Uncomplicated Firewall) for ssh

Check if UFW is installed:

$ dpkg -l | grep ufw

If ufw is listed, then it’s already installed.

Special Note: By-default, ufw is usually installed in Ubuntu, however if for some reasons it’s not there you can install using

$ sudo apt-get install ufw

Check if OpenSSH is one the applications with a registered profile on UFW.

$ sudo ufw app list

From the output, OpenSSH is the only application with a registered profile on UFW

$ sudo ufw app list

Ensure the firewall allows SSH connections

$ sudo ufw allow OpenSSH

Reload the firewall and enable it on boot

$ sudo ufw enable

Confirm that SSH connection is allowed through UFW

$ sudo ufw status

 

Check out the top 3 Linux hosting services

Was this article helpful?