How to install and configure SSH with public and private keys
In this article, we will assume that you already have a Debian-based machine running Debian or Ubuntu.
First, let's start by updating the current packages.
sudo apt-get update
Then, we will be able to download the necessary package.
Installing the SSH service is extremely simple on Linux. Only one command line is required. Just install the
sudo apt-get install openssh-server
That's it. In order to check that the service is installed and working, let's have a look at the service status.
sudo systemctl status ssh
Alternatively, if the systemctl module is not available, you can always use the service ssh status command.
You should get something like this.
If the service is not started, you can start it with this command:
sudo systemctl start ssh
or
sudo service ssh start
If you want the service to start automatically when the machine boots, type the following command:
sudo systemctl enable ssh
Now that the ssh service is installed, you will be able to access this machine using the following command:
username is the name of the user you wish to log in with and ip_address is the IP address of the machine on which you installed the ssh service. To retrieve this IP address, you can type the command:
And it should appear after the keyword
Now that the ssh service is working, let's configure the
SSH key configuration
Now that we have installed the ssh service, all that remains is to configure and secure it. One method is to use a key set (public/private) so that only the holder of the private key can connect.
Key set generation
Let's start by generating the RSA key set on your local machine with the following command:
ssh-keygen -t rsa -b 4096 -C "key_comment"
Here, we generate 4096-bit RSA keys. The -C option attaches a comment to the key so that it can be told apart from other keys later.
The previous command will ask you for the path in which to save the key file. Keep the default path.
Enter file in which to save the key (/home/user/.ssh/id_rsa) :
Next, you will need to specify a passphrase. For development purposes, you can leave this field empty, but in production or on a remote server, I highly recommend that you choose a strong and secure
Sending the public key to the server
Now we need to send the public key to the server (or virtual machine) from our local machine. The private key stays on the local machine.
You will then be asked to enter the password of the desired user.
You should see the following text appear:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'username@server_ip_address'"
and check to make sure that only the key(s) you wanted were added.
In case the ssh-copy-id command does not work, use the following command:
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
Editing the configuration file
All that remains is to finalise the configuration of the ssh service. To do this, you will need to modify the /etc/ssh/sshd_config file. You will need to apply the following changes:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
In this way, connections using a password will be disabled. Thus you will only be able to access the remote server using the set of keys that was created earlier.
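The check below is an added example, not part of the original article: it reports which of the three directives above are not effectively set to no in an sshd_config file, given that sshd keeps the first value it reads for each keyword. The function names and the sample file are constructed for illustration; newer OpenSSH releases name ChallengeResponseAuthentication as KbdInteractiveAuthentication, so both spellings are accepted.

```shell
#!/bin/sh
# Added example (not from the article): compare the effective global
# settings of an sshd_config file with the three values the article sets.

# effective_value FILE KEYWORDS DEFAULT
# KEYWORDS is a lower-case name or "a|b" alternatives. sshd keeps the FIRST
# value it reads for a keyword, so parsing stops at the first hit, or at the
# first Match block (those lines apply only to some connections).
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # comment line
        { sub(/=/, " ") }                        # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" key ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # absent: built-in default
    ' "$1"
}

# audit_sshd_config FILE
# Prints "keyword=value" for every directive that is not effectively "no";
# returns 1 if anything was printed.
audit_sshd_config() {
    rc=0
    for spec in "passwordauthentication:yes" \
        "challengeresponseauthentication|kbdinteractiveauthentication:yes" \
        "usepam:no"; do
        key=${spec%%:*}
        def=${spec##*:}                          # OpenSSH default when unset
        val=$(effective_value "$1" "$key" "$def")
        if [ "$val" != "no" ]; then
            echo "${key%%|*}=$val"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the "no" lines were appended below existing "yes"
# lines, so the earlier values still win.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
UsePAM yes
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
EOF
audit_sshd_config "$sample" || echo "config does not match the article's settings"
```

The example does not follow Include lines or evaluate Match blocks; on the server itself, sudo sshd -T prints the effective configuration. Edited values only apply after the service is restarted (sudo systemctl restart ssh).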
From this point on, you will need to enter the passphrase you specified at the beginning of the operation. This way, only users who have the ssh keys and the passphrase will be able to connect.
Unfortunately, if you are using several computers to access the remote server, this can quickly become tedious.