Sep 21, 2023 5 min read

How to Set Up SSH Keys on Ubuntu 20.04

Set Up SSH Keys on Ubuntu 20.04 with our step-by-step tutorial. SSH keys securely authenticate client-server connections.


Introduction

Before we begin talking about how to set up SSH keys on Ubuntu 20.04, let's briefly understand: what are SSH keys?

SSH keys are a secure way to authenticate and establish a connection between a client and a server. They consist of a pair of keys: a public key and a private key. The public key is shared with the server, while the private key is kept secret.

When a client attempts to connect to the server, the server uses the public key to verify the client's identity. This method provides stronger security than traditional password-based authentication. With SSH keys, you can securely access remote servers, transfer files, and perform administrative tasks.

This tutorial covers how to generate SSH keys on Ubuntu 20.04 computers. We'll also teach you how to access remote Linux servers without entering a password using SSH key-based authentication.

Advantages of SSH Keys

  1. Enhanced Security: SSH keys provide stronger security compared to passwords, reducing the risk of unauthorized access.
  2. Convenient Authentication: With SSH keys, you can authenticate quickly without the need to remember and enter passwords.
  3. Automation and Scripting: SSH keys enable automated and scripted tasks, making it easier to manage and administer multiple servers.
  4. Easy User Management: SSH keys simplify user management by granting or revoking access by adding or removing keys from the server.
  5. Secure File Transfer: SSH keys facilitate secure file transfers between the client and server, ensuring data confidentiality and integrity.

Creating SSH keys on Ubuntu

On your Ubuntu client system, there's a good chance you already have an SSH key pair. Generating a new pair under the same file name overwrites the existing one. Run the following ls command to check whether key files exist:

ls -l ~/.ssh/id_*.pub

If the command returns No such file or directory or no matches found, the user does not have SSH keys, and you can move on to the next step and generate an SSH key pair. Otherwise, if you already have an SSH key pair, you can use it, or back up the old keys and generate a new pair.

Run the following command to generate a fresh 4096-bit SSH key pair with your email address as a comment:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

You'll be asked to give the file a name:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Most users should be happy with the default location and file name. To accept and proceed, press Enter.

You'll then be asked to type a secure passphrase. A passphrase gives an extra layer of protection. If you create a passphrase, you'll be prompted to type it in every time you use the key to access the remote system.

Press Enter if you don't want to establish a passphrase.

Enter passphrase (empty for no passphrase):

Run the following command to confirm that your new SSH key pair has been generated:

ls ~/.ssh/id_*

Output

/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

It's done. On your Ubuntu client system, you've successfully generated an SSH key pair.

Copy the Public Key to the Remote Server

After you've created an SSH key pair, copy the public key to the remote server you want to control.

The ssh-copy-id program is the simplest and most recommended way to copy the public key to the server. On your local machine, run:

ssh-copy-id remote_username@server_ip_address

You'll be asked to input the remote user password:

Output

remote_username@server_ip_address's password:

Once the user has been authenticated, the public key ~/.ssh/id_rsa.pub will be appended to the remote user's ~/.ssh/authorized_keys file, and the connection will be closed.

Output

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@server_ip_address'"
and check to make sure that only the key(s) you wanted were added.

If the ssh-copy-id utility is not available on your local machine, copy the public key using the following command:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Login to your Server using SSH Keys

After following the steps above, you should be able to log in to the remote server without being prompted for a password.

To test it, use SSH to connect to your server:

ssh remote_username@server_ip_address

You will be logged in immediately if you haven't set a passphrase for the private key. Otherwise, you'll be prompted to enter the passphrase.

Disabling SSH Password Authentication

Disabling password authentication adds an extra layer of security to your server.

Make sure you can log in to your server without a password and that the user you're logging in with has sudo rights before deactivating SSH password authentication.

Log in to your remote server:

ssh sudo_user@server_ip_address

With your text editor, open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find the following directives and change them as follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save the file and restart the SSH service with the following command:

sudo systemctl restart ssh

Password-based authentication is turned off at this point.
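
An added example, not part of the original tutorial: sshd uses the first value it reads for each keyword, so a PasswordAuthentication no line placed below an existing yes has no effect. The script below reports which value wins for the three directives in a single file; the helper names effective_value and password_login_disabled are hypothetical and the sample file is constructed.

```bash
#!/bin/sh
# Added example (hypothetical helper names). sshd takes the FIRST value it reads for
# each keyword, and keywords are case-insensitive. Include files are not followed here
# and parsing stops at the first Match block, whose settings are conditional.

effective_value() (   # usage: effective_value FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t=].*$/, "", key)     # keyword ends at blank or "="
            val = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)           # separator: blanks, optional "="
            sub(/[ \t]+$/, "", val)
            if (tolower(key) == "match") exit
            if (tolower(key) == want) { print val; exit }
        }' "$1"
)

password_login_disabled() (   # exit 0 only if all three directives resolve to "no"
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok    $kw no"
        else
            echo "FAIL  $kw ${val:-not set in this file}"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample: "no" was appended at the end, but the earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
passwordauthentication yes
ChallengeResponseAuthentication no
UsePAM=no
PasswordAuthentication no
EOF
password_login_disabled "$sample" || echo "password login is still enabled in $sample"
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T prints the settings sshd actually resolves, Include files included.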

FAQs to Set Up SSH Keys on Ubuntu 20.04

Where can I find my SSH keys on Ubuntu?

By default, SSH keys are stored in the ~/.ssh directory. The public key has a .pub extension.

How do I copy my SSH public key to the server?

Use the command ssh-copy-id user@server_ip to copy the public key to the server and enable passwordless authentication.

Can I set a passphrase for my SSH key?

Yes, during key generation, you can choose to set a passphrase. It adds an extra layer of security to your private key.

How do I disable password-based authentication and only use SSH keys?

Edit the SSH server configuration file (/etc/ssh/sshd_config) and set PasswordAuthentication to no. Restart the SSH service.

How can I add an SSH key to an existing user on Ubuntu?

Copy the public key content to the authorized_keys file in the user's ~/.ssh directory. Create the file if it doesn't exist.

How do I revoke SSH access for a specific key?

Remove the corresponding public key from the authorized_keys file on the server. Users with that key will no longer have access.
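
An added example, not part of the original tutorial, covering both the manual copy command shown earlier (which appends another line each time it is run) and the revocation answer above. The helper names are hypothetical; keys are matched on their base64 blob because the comment and any leading options can differ between copies of the same key.

```bash
#!/bin/sh
# Added example (hypothetical helper names). An authorized_keys line is
#   [options] key-type base64-blob [comment]
# A .pub file written by ssh-keygen is "key-type base64-blob comment", so field 2
# is the blob. Quoted options that contain spaces are assumed not to hold the blob.

has_key() (      # has_key AUTH_FILE PUB_FILE -> exit 0 if the key is already listed
    blob=$(awk '{ print $2; exit }' "$2")
    [ -n "$blob" ] && [ -f "$1" ] && awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$1"
)

add_key() (      # append only when absent, so repeated runs never duplicate a line
    has_key "$1" "$2" && exit 0
    d=$(dirname "$1")
    [ -d "$d" ] || { mkdir -p "$d" && chmod 700 "$d"; }
    cat "$2" >> "$1" && chmod 600 "$1"
)

revoke_key() (   # rewrite AUTH_FILE without any line that carries this key's blob
    blob=$(awk '{ print $2; exit }' "$2")
    [ -n "$blob" ] || exit 2
    tmp=$(mktemp "$1.XXXXXX") || exit 1
    awk -v b="$blob" '
        { keep = 1; for (i = 1; i <= NF; i++) if ($i == b) keep = 0 }
        keep' "$1" > "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$1"
)

# Usage on the server, as the account that owns the file (paths are placeholders):
#   add_key    ~/.ssh/authorized_keys /tmp/new_laptop.pub
#   revoke_key ~/.ssh/authorized_keys /tmp/old_laptop.pub
```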

What permissions should I set for SSH key files?

Set file permissions to 600 (read and write only for the owner) for the private key (id_rsa) and 644 for the public key (id_rsa.pub).

What if I lose my SSH key or want to change it?

Generate a new SSH key pair with ssh-keygen and update the public key on the servers you want to access. Be careful not to lose access to the servers.

Conclusion

We've shown you how to create a new SSH key pair and use it to authenticate with SSH keys. You can administer several remote servers with the same key. You've also learned how to add an extra degree of security to your server by disabling SSH password authentication.

SSH listens on port 22 by default. Changing the default SSH port makes automated attacks less likely. To simplify your workflow, define all of your SSH connections in the SSH config file.

If you have any queries, please leave a comment below and we’ll be happy to respond to them.
