First, what is SSH? It is a protocol for creating a secure connection to a remote computer or server. A shell session starts when a secure SSH connection is established; you can then run commands on remote machines, create tunnels, forward ports, and more by typing commands within the client on your local computer.
SSH supports authentication using a username and password or a public and private key pair. SSH keys are more secure.
Let’s look at how to generate SSH keys, set up SSH key-based authentication, and connect to remote Linux servers [Ubuntu 20.04].
Generate SSH keys on Ubuntu.
When you start an SSH session, input this command at the prompt:
ssh-keygen -t rsa
To create a new keypair with your email address as a comment, type the following command:
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
The output is:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tokslaw/.ssh/id_rsa):
Press Enter to save the key pair into the .ssh/ subdirectory in your home directory.
Created directory '/Users/tokslaw/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/tokslaw/.ssh/id_rsa.
Your public key has been saved in /Users/tokslaw/.ssh/id_rsa.pub.
For more security, entering a passphrase adds an extra layer of protection.
The key fingerprint is:
SHA256:lnyke7Nmkny5HXnM4Zv5Iv6cyqpUPSE8ysxxxxx tokslaw@taborg
The key’s randomart image is:
+---[RSA 3072]----+
| |
| . |
| = . |
| = * + . |
| . . S o o . |
| . . . . + * . |
|E . . .o.o.o = |
|o= . .+.==.+.= |
|..o .*++=+Bo.|
+----[SHA256]-----+
That’s it. You’ve successfully generated an SSH key pair [public and private key].
Next Step: Copy the Public Key to the Remote Server
To copy the public key to the remote server you want to maintain, use the ssh-copy-id tool. On your local machine, type the following command:
ssh-copy-id remote_username@server_ip_address
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/tokslaw/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.52 (10.0.0.52)' can't be established.
ECDSA key fingerprint is SHA256:/mPot8t9+QiAThVseVOd9EnVsykrZCt1/U6qpRqvlUQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Output like this means your machine does not recognize the remote host. This happens mostly when you connect to a new host for the first time. Type “yes” and press ENTER to continue.
Type in the password as prompted and press ENTER. The tool will connect to the account on the remote host using the password. It automatically copies the contents of your ~/.ssh/id_rsa.pub key into a file in the remote account’s home ~/.ssh directory called authorized_keys.
Output:
Number of key(s) added: 1
Now try logging into the machine, with "ssh 'tokslaw@10.0.0.52'"
and check to make sure that only the key(s) you wanted were added.
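What the copy step does on the remote account, and the "only the key(s) you wanted" check that the output asks for, as an added example (not part of the original post and not ssh-copy-id's own code). The function names install_pubkey and unexpected_keys, the directory layout under a temporary folder and both key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not ssh-copy-id's own code.

# install_pubkey PUBKEY_FILE ACCOUNT_HOME
# Append the public key to ACCOUNT_HOME/.ssh/authorized_keys exactly once.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Never ship the private half (id_rsa) to a server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; return 1
    fi
    # With StrictModes, sshd rejects key files that other users can write.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    # -x whole line, -F fixed string: skip the append if already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# unexpected_keys PUBKEY_FILE ACCOUNT_HOME
# Print every authorized_keys entry that is not the key you meant to add.
unexpected_keys() {
    want=$(head -n 1 "$1") awk \
        'NF && $0 !~ /^#/ && $0 != ENVIRON["want"]' "$2/.ssh/authorized_keys"
}

# Demo in a throwaway directory; both key lines are constructed, not real keys.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAconstructedkeyONE tokslaw@taborg' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"    # second run adds nothing
# Simulate an old entry that was already present on the account.
printf '%s\n' 'ssh-rsa AAAAconstructedkeyTWO stale@oldlaptop' \
    >> "$demo/home/.ssh/authorized_keys"
echo "Entries you did not just add:"
unexpected_keys "$demo/id_rsa.pub" "$demo/home"
```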
Next — Authenticate to Ubuntu Server Using SSH Key
To authenticate, type the following command:
ssh username@remote_host
Remember to replace username and remote_host above with your account’s username and the server you want to connect to.
Conclusion
Hooray! You have successfully configured SSH key-based authentication on your server.