Logo

Published

- 3 min read

Generating and Working with SSH Keys on Ubuntu 20.04

SSH Ubuntu Linux Security
img of Generating and Working with SSH Keys on Ubuntu 20.04

SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH.

To access a remote server without using a password, an SSH key is the best solution. To generate SSH public and private key pairs, several cryptographic algorithms can be used such as RSA, DSA, and ECDSA. In this tutorial, we will use RSA as the cryptographic algorithm to generate SSH key pairs.

1. Generating the RSA Keypair on Your Workstation

Run the following command to generate an RSA keypair:

   ssh-keygen -t rsa -b 4096

This will prompt for a location to save the RSA keys:

   Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

Press ENTER to save the key in the default .ssh directory inside the home directory.

Next, you will be prompted to enter a passphrase for extra security. Press ENTER to skip this step if you do not want a passphrase.

   Enter passphrase (empty for no passphrase):
Enter same passphrase again:

After completing these steps, you should see the following output:

   Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:examplehash user@user_server
The key's randomart image is:
+---[RSA 4096]----+
|      .o.oo==*oo.|
|     .o o =o+o=+=|
|    .o.+ o ..o.*+|
|   o..o .   . o.o|
|    +.  C       o|
|   o=  .         |
|   K..o          |
|    ++..         |
|   o+=o          |
+----[SHA256]-----+

Check the .ssh directory to see the generated files:

   ls -l ~/.ssh

Example output:

   total 8.0K
-rw------- 1 user user 3.4K Nov 29 09:03 id_rsa
-rw-r--r-- 1 user user  756 Nov 29 09:03 id_rsa.pub
  • id_rsa: The private key (DO NOT SHARE THIS FILE!).
  • id_rsa.pub: The public key (this can be shared).

2. Copying Your Public SSH Key to a Server

Copy the public key to the remote server you want to access:

   cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

You will be prompted to confirm the server’s authenticity and enter the remote server’s password:

   The authenticity of host 'xx.xxx.xx.xxx (xx.xxx.xx.xxx)' can't be established.
ECDSA key fingerprint is SHA256:examplehash.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'xx.xxx.xx.xxx' (ECDSA) to the list of known hosts.
user@xx.xxx.xx.xxx's password:

Set the appropriate permissions on the remote server:

   # On remote host
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

3. Verifying Remote Access via SSH

Test the SSH connection to the remote host without a password:

   ssh user@xx.xxx.xx.xxx

If successful, you will gain access to the remote server. For example, listing the contents of the home directory:

   ssh user@xx.xxx.xx.xxx ls

Congratulations! You have successfully configured SSH key-based authentication.

Originally published at onloadcode.com.