Generate SSH Key Pair in Your Linux Machine
In this tutorial, we demonstrate how to ssh into a remote Ubuntu 16.04 server using private key authentication from any Linux local machine, in this case, CentOS 7.
Special Note: SSH is installed by default on Ubuntu. If it is missing for some reason, you can install it with this command:
$ sudo apt-get install openssh-server
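Generate the SSH key pair on the local machine:
$ ssh-keygen
Confirm that the SSH key pair, id_rsa (the private key, which stays on the local machine) and id_rsa.pub (the public key), has been created in the user's .ssh directory, /home/linuxuser/.ssh.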
Copy the SSH Public Key in the Remote Ubuntu 16.04 Server
First Option: Use ssh-copy-id
Run the command.
$ ssh-copy-id linuxuser@ubuntu16-hostadvice
This option automatically appends the public key (id_rsa.pub) to the .ssh/authorized_keys file in the remote user's home directory. You can confirm this by logging into the remote Ubuntu 16.04 server and opening that file with an editor like vim or nano.
Second Option: Copy the Public Key Manually
First, create the directory named “.ssh” in the home folder of remote user account “linuxuser”.
$ mkdir -p ~/.ssh
OR
$ mkdir -p /home/linuxuser/.ssh
Then, create a file named “authorized_keys” by running the command.
$ nano ~/.ssh/authorized_keys
Then paste the public key from the clipboard into nano editor and save by pressing “Ctrl-O”.
Set the correct permissions of the directory and file.
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
Then, restart the sshd service.
$ sudo systemctl restart sshd
Now, test if the ssh key pair is really working.
Test ssh key pair functionality
Log into the remote Ubuntu 16.04 server from the CentOS 7 local machine.
$ ssh -i ~/.ssh/id_rsa linuxuser@ubuntu16-hostadvice
OR simply
$ ssh linuxuser@ubuntu16-hostadvice
Upon successful authentication and login, you should be in your remote user’s terminal.
Now that the SSH key pair is verified to work, it is best practice to disable password authentication on the server by editing the SSH configuration file "sshd_config". This eliminates the risk of brute-force attacks via password cracking.
Edit the sshd_config file
Let’s edit the configuration file by running command:
$ sudo vim /etc/ssh/sshd_config
Set the value of PasswordAuthentication to "no" (see figure 13):
PasswordAuthentication no
Uncomment and set other important settings in the config file as follows and save the file. (See figure 13)
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
Restart the sshd service to enable the changes in the config file by running the command.
$ sudo systemctl restart sshd
From now on, it’s possible to log into the server using ssh keys ONLY and NOT A PASSWORD.
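The following script is an added example, not part of the original tutorial: it audits an sshd_config file for the three authentication settings edited above, applying sshd's rule that the first value read for a keyword wins. The function names, the constructed sample file and the assumed defaults are illustrative.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit the global section
# of an sshd_config file for the three settings edited above.

# Print the effective value of keyword $2 in file $1 ($3 = default when the
# keyword is absent). sshd keeps the FIRST value it reads for a keyword and
# keywords are case-insensitive. Scanning stops at the first "Match" line.
# Assumes whitespace-separated "Keyword value" lines.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/              { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # conditional section begins
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Return 0 only when key-only login is enforced; print one line per check.
audit_sshd_config() {
    file=$1; rc=0
    # keyword:required:default (defaults are assumptions for the OpenSSH
    # releases of the Ubuntu 16.04 era)
    for rule in PasswordAuthentication:no:yes \
                ChallengeResponseAuthentication:no:yes \
                PubkeyAuthentication:yes:yes; do
        key=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(effective_value "$file" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '$got', expected '$want'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: PasswordAuthentication is only commented out, so the
# default still applies and password login remains enabled.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "=> password login is still possible"
rm -f "$sample"
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config before restarting sshd; running "sudo sshd -t" additionally reports misspelled keywords that would stop the service from starting.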
One more step remains: UFW (Uncomplicated Firewall) has to be configured to allow SSH through the firewall.
Configure ufw (Uncomplicated Firewall) for ssh
Check if UFW is installed:
$ dpkg -l | grep ufw
If ufw is listed, then it’s already installed.
Special Note: ufw is usually installed by default on Ubuntu. If for some reason it is not there, you can install it using:
$ sudo apt-get install ufw
Check if OpenSSH is one of the applications with a registered profile on UFW.
$ sudo ufw app list
From the output, OpenSSH is the only application with a registered profile on UFW.
Ensure the firewall allows SSH connections
$ sudo ufw allow OpenSSH
Reload the firewall and enable it on boot
$ sudo ufw enable
Confirm that SSH connection is allowed through UFW
$ sudo ufw status
From the output, UFW is enabled and SSH connections are allowed via UFW firewall.