# How to implement SSH Keys in Ubuntu
SSH keys provide an easy, passwordless and secure way of logging into your server.
The following tutorial has been tested on Ubuntu 18.04.2 LTS (GNU/Linux 4.9.140-tegra aarch64).
# Install a terminal
The following applications are recommended:
- The terminal can be open with CTRL+Alt+T
- JuiceSSH (opens new window) Free SSH client for Android.
# Check for existing SSH keys
First, check whether there are already keys on the computer you are using:
If you see files named
id_dsa.pub you have keys set up already, so you can skip ⏩ the generating keys step.
# Generate new SSH keys
To generate new SSH keys enter the following command:
Leave the field empty for no passphrase.
Now look inside your .ssh directory:
and you should see the files
authorized_keys id_rsa id_rsa.pub known_hosts
id_rsa file is your private key.
Keep this on your computer. Do not share it!
id_rsa.pub file is your public key. This is what you share with machines you want to connect to. When the machine you try to connect to matches your public and private key, it will allow you to connect.
# Copy your public key to your device
Copy the file manually over SSH:
cat ~/.ssh/id_rsa.pub | ssh <USER>@<IP-ADDRESS> "cat >> ~/.ssh/authorized_keys"
or paste it from the clipboard. Replace <ID_RSA.PUB> by your key.
echo "<ID_RSA.PUB>" >> ~/.ssh/authorized_keys
Do not overwrite your existing keys!
> overwrite the file
>> append to the file
Now try ssh
<USER>@<IP-ADDRESS> and you should connect without a password prompt.
# Disable password authentication
Force the usage for the SSH Keys in WAN and keep the password access in LAN.
Edit the file
sudo vim /etc/ssh/sshd_config
Press a to edit in vim. Apply the fellow changes:
PasswordAuthentication no ChallengeResponseAuthentication no Match Address 192.168.0.0/16 PasswordAuthentication yes
Save and close the file.
Press ESC and type
Reload the ssh server:
sudo systemctl reload ssh
There are two motd (opens new window), when connecting with the ssh keys.
If you know how to fix this, please let me know.