How to implement SSH Keys in Ubuntu

SSH keys provide an easy, passwordless and secure way of logging into your server.

The following tutorial has been tested on Ubuntu 18.04.2 LTS (GNU/Linux 4.9.140-tegra aarch64).

Install a terminal

The following applications are recommended:

• Linux
  • The terminal can be open with CTRL+Alt+T
• Windows
  • PuTTY PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms.
  • Git BASH Git for Windows provides a BASH emulation used to run Git from the command line.
• Android
  • JuiceSSH Free SSH client for Android.

Check for existing SSH keys

First, check whether there are already keys on the computer you are using:

ls ~/.ssh

If you see files named id_rsa.pub or id_dsa.pub you have keys set up already, so you can skip ⏩ the generating keys step.

Generate new SSH keys

To generate new SSH keys enter the following command:

ssh-keygen

Leave the field empty for no passphrase. Now look inside your .ssh directory:

ls ~/.ssh

and you should see the files id_rsa and id_rsa.pub:

authorized_keys  id_rsa  id_rsa.pub  known_hosts

The id_rsa file is your private key.

Privacy warning

Keep this on your computer. Do not share it!

The id_rsa.pub file is your public key. This is what you share with machines you want to connect to. When the machine you try to connect to matches your public and private key, it will allow you to connect.

Copy your public key to your device

Copy the file manually over SSH:

cat ~/.ssh/id_rsa.pub | ssh <USER>@<IP-ADDRESS> "cat >> ~/.ssh/authorized_keys"

or paste it from the clipboard. Replace <ID_RSA.PUB> by your key.

echo "<ID_RSA.PUB>" >> ~/.ssh/authorized_keys

Do not overwrite your existing keys!

> overwrite the file >> append to the file

Now try ssh <USER>@<IP-ADDRESS> and you should connect without a password prompt.

Disable password authentication

Force the usage for the SSH Keys in WAN and keep the password access in LAN.

Edit the file /etc/ssh/sshd_config

sudo vim /etc/ssh/sshd_config

Press a to edit in vim. Apply the fellow changes:

PasswordAuthentication no
ChallengeResponseAuthentication no

Match Address 192.168.0.0/16
    PasswordAuthentication yes

Save and close the file.

Press ESC and type :wq

Reload the ssh server:

sudo systemctl reload ssh

TIP

There are two motd, when connecting with the ssh keys. If you know how to fix this, please let me know.

Done! 🎉