How to Set Up SSH Keys on Ubuntu 18.04

SSH stands for “Secure Shell” and is an encrypted protocol used to log in and manage a remote server. SSH also supports various authentication mechanisms. SSH uses password-based authentication and public key-based authentication for a secure connection between a client and a server. SSH key-based authentication is more secure than password-based authentication because keys are very hard to guess or crack using currently available computing power.

In this tutorial, we will show you how to set up SSH key-based authentication on an Ubuntu 18.04 server.

Step 1 – Generate the SSH Key on the Client Machine

First, log in to your client machine and generate a new SSH key pair by running the following command:

ssh-keygen -t rsa

You will need to press Enter to accept the default file location and provide a passphrase to add an extra layer of security, as shown below:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
cd:58:c4:35:60:6f:a4:2e:f0:b7:42:c5:20:78:86:b2 root@rsyslog-client
The key's randomart image is:
+--[ RSA 2048]----+
|     o. ..+o+    |
|  . o o. =.+ .   |
|   o o.   = o    |
|  E    o B .     |
|        S =      |
|       . o .     |
|        . .      |
|         .       |
|                 |
+-----------------+

The above command will generate a 2048-bit RSA key pair with a secure passphrase to prevent unauthorized users from logging in.

You can see the generated public and private keys with the following command:

ls -l .ssh/id_rsa*

You should see the following output:

-rw------- 1 root root 1766 Nov  1 11:03 .ssh/id_rsa
-rw-r--r-- 1 root root  401 Nov  1 11:03 .ssh/id_rsa.pub

At this point, you have public and private keys that you can use to authenticate with your Ubuntu server.

Step 2 – Copy the Public Key to the Ubuntu Server

Next, you will need to copy the public key from the client machine to your Ubuntu 18.04 server. You can copy the public key with ssh-copy-id utility as shown below:

ssh-copy-id root@your-server-ip

You should see the following output:

The authenticity of host '192.168.0.102 (192.168.0.102)' can't be established.
ECDSA key fingerprint is f7:9c:72:63:33:ac:d6:49:26:9c:af:c6:ff:11:27:01.
Are you sure you want to continue connecting (yes/no)? yes

Type “yes” and press ENTER to continue. You should see the following output:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Next, you will be prompted to enter the remote username and password. After the successful authentication, the content of the public key ~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file as shown below:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Step 3 – Disable SSH Password Authentication

Next, log in to your Ubuntu 18.04 server machine and disable SSH password-based authentication to add an extra layer of security to your server.

You can disable password-based authentication by editing the file /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

Find the following lines and change the value to “no”:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save and close the file, then restart SSH service to apply the configuration:

systemctl restart ssh

Step 4 – Log in to the Server using SSH Keys

At this point, SSH key-based authentication is configured. Now it’s time to log in to the Ubuntu 18.04 server machine with the public key.

You can login to your Ubuntu 18.04 server by simply running the following command:

ssh root@your-server-ip

If you are logging in for the first time, you will be prompted as shown below:

The authenticity of host '192.168.0.102 (192.168.0.102)' can't be established.
ECDSA key fingerprint is f7:9c:72:63:33:ac:d6:49:26:9c:af:c6:ff:11:27:01.
Are you sure you want to continue connecting (yes/no)? yes

Type Yes and hit Enter key to continue. Next, you will be prompted to enter the passphrase for your private key as shown below:

Enter passphrase for key '/root/.ssh/id_rsa':

Provide your private key passphrase and hit Enter to log in to your server.

Conclusion

In the above tutorial, we learned how to set up an SSH key-based authentication with a passphrase on Ubuntu 18.04. The connection between your client machine and Ubuntu 18.04 server machine is now highly secure. You can also use the same key for another remote server. If you’re ready to get started with SSH key-based authentication, try VPS hosting with Atlantic.Net today.