How to implement SSH Keys in Ubuntu
SSH keys provide an easy, passwordless and secure way of logging into your server.
The following tutorial has been tested on Ubuntu 18.04.2 LTS (GNU/Linux 4.9.140-tegra aarch64).
Install a terminal
The following applications are recommended:
- Linux
  - The terminal can be opened with Ctrl+Alt+T
- Windows
- Android
  - JuiceSSH Free SSH client for Android.
Check for existing SSH keys
First, check whether there are already keys on the computer you are using:
ls ~/.ssh
If you see files named id_rsa.pub or id_dsa.pub you have keys set up already, so you can skip ⏩ the generating keys step.
Generate new SSH keys
To generate new SSH keys enter the following command:
ssh-keygen
Leave the field empty for no passphrase; without one, anyone who obtains the private key file can use it. Now look inside your .ssh directory:
ls ~/.ssh
and you should see the files id_rsa and id_rsa.pub:
authorized_keys id_rsa id_rsa.pub known_hosts
The id_rsa file is your private key.
Privacy warning
Keep this on your computer. Do not share it!
The id_rsa.pub file is your public key. This is what you share with machines you want to connect to. When the machine you try to connect to matches your public and private key, it will allow you to connect.
Copy your public key to your device
Copy the file manually over SSH:
cat ~/.ssh/id_rsa.pub | ssh <USER>@<IP-ADDRESS> "cat >> ~/.ssh/authorized_keys"
or paste it from the clipboard. Replace <ID_RSA.PUB> with your key.
echo "<ID_RSA.PUB>" >> ~/.ssh/authorized_keys
Do not overwrite your existing keys! The > operator overwrites the file; >> appends to the file.
Now try ssh <USER>@<IP-ADDRESS> and you should connect without a password prompt.
Disable password authentication
Force the use of SSH keys from the WAN and keep password access on the LAN.
Edit the file /etc/ssh/sshd_config:
sudo vim /etc/ssh/sshd_config
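Press a to edit in vim. Apply the following changes, placing the Match block at the end of the file, because every line after a Match line belongs to that block until the next Match line or the end of the file:
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 192.168.0.0/16
    PasswordAuthentication yes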
Save and close the file.
Press ESC and type
:wq
Reload the ssh server:
sudo systemctl reload ssh
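To check the edit before relying on it, the following added example (not part of the original tutorial) models how sshd resolves PasswordAuthentication for a given client address and shows what happens when the global line ends up below the Match block. It assumes only global keywords and Match Address blocks with CIDR or literal addresses; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: the tutorial's changes, with the Match block last.
SAMPLE = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
Match Address 192.168.0.0/16
    PasswordAuthentication yes
"""
# Constructed failure case: the global line pasted below the Match block,
# so it becomes part of that block and no global value is set at all.
MISORDERED = """\
Match Address 192.168.0.0/16
    PasswordAuthentication yes
PasswordAuthentication no
"""

def _matches(patterns, client_ip):
    """True if client_ip is in any comma-separated CIDR or literal address."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(p.strip(), strict=False)
               for p in patterns.split(","))

def effective(config_text, keyword, client_ip, default="yes"):
    """Effective value of keyword for a client: the first value seen wins,
    and a value from a matching Match block overrides the global one."""
    global_val = match_val = None
    in_match = active = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True
            crit = arg.split(None, 1)
            # Simplification (assumption): only "Match Address <list>" is evaluated.
            active = (len(crit) == 2 and crit[0].lower() == "address"
                      and _matches(crit[1], client_ip))
        elif key == keyword.lower():
            if in_match and active and match_val is None:
                match_val = arg.lower()
            elif not in_match and global_val is None:
                global_val = arg.lower()
    return match_val or global_val or default

def password_exposed_to(config_text, client_ip):
    """True if a client at client_ip would be offered password login."""
    return effective(config_text, "PasswordAuthentication", client_ip) == "yes"
```

On the server itself, sshd -T with a -C connection specification prints the effective settings that the running configuration would apply to a given client.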
TIP
There are two MOTDs when connecting with the SSH keys. If you know how to fix this, please let me know.
Done! 🎉