Generate Ssh Key Pair On Linux

14.12.2020
6 Comments

Aug 07, 2019 Steps to setup secure ssh keys: Create the ssh key pair using ssh-keygen command. Copy and install the public ssh key using ssh-copy-id command on a Linux or Unix server. Add yourself to sudo or wheel group admin account. Disable the password login for root account. Test your password less ssh keys login using ssh user@server-name command. Generate keys with ssh-keygen. To create the keys, a preferred command is ssh-keygen, which is available with OpenSSH utilities in the Azure Cloud Shell, a macOS or Linux host, the Windows Subsystem for Linux, and other tools. Ssh-keygen asks a series of questions and then writes a private key and a matching public key. Generate an SSH Key Pair on UNIX and UNIX-Like Systems. Use the following procedure to generate an SSH key pair on UNIX and UNIX-like systems: Run the ssh-keygen command. You can use the -t option to specify the type of key to create.

Introduction

Establishing an SSH (Secure Shell) connection is essential to log in and effectively manage a remote server. Encrypted keys are a set of access credentials used to establish a secure connection.

This guide will walk you how to generate SSH keys on Ubuntu 18.04. We will also cover setting up SSH key-based authentication to connect to a remote server without requiring a password.

Generate Public Private Key Pair

  • A server running Ubuntu 18.04
  • A user account with sudo privileges
  • Access to a terminal window / command line (Ctrl-Alt-T)

If you are already running an Ubuntu 18.04 server, you can skip this step. If you are configuring your server for the first time, you may not have SSH installed.

1. Start by installing the tasksel package:

The system will first ask for confirmation before proceeding:

2. Next, use tasksel to install the ssh-server:

3. Load the SSH server service, and set it to launch at boot:

On your client system – the one you’re using to connect to the server – you need to create a pair of key codes.

To generate a pair of SSH key codes, enter the commands:

This will create a hidden directory to store your SSH keys, and modify the permissions for that directory. The ssh-keygen command creates a 2048-bit RSA key pair.

For extra security, use RSA4096:

If you’ve already generated a key pair, this will prompt to overwrite them, and those old keys will not work anymore.

The system will ask you to create a passphrase as an added layer of security. Input a memorable passphrase, and press Enter.

This process creates two keys. One is a public key, which you can hand out to anyone – in this case, you’ll save it to the server. The other one is a private key, which you will need to keep secure. The secure private key ensures that you are the only person who can encrypt the data that is decrypted by the public key.

Step 2- Copy Public Key to the Ubuntu Server

First, get the IP address of the Ubuntu server you want to connect to.

In a terminal window, enter:

The system’s IP address is listed in the second entry:

On the client system, use the ssh-copy-id command to copy the identity information to the Ubuntu server:

Replace server_IP with the actual IP address of your server.

If this is the first time you’re connecting to the server, you may see a message that the authenticity of the host cannot be established:

Type yes and press Enter.

The system will check your client system for the id_rsa.pub key that was previously generated. Then it will prompt you to enter the password for the server user account. Type it in (the system won’t display the password), and press Enter.

The system will copy the contents of the ~/.ssh/id_rsa.pub from the client system into the ~/.ssh/authorized_keys directory of the server system.

Generate Ssh Key Pair On Linux Windows 10

The system should display:

If your system does not have the ssh-copy-id command, you can copy the key manually over the SSH.

Use the following command:

To log in to a remote server, input the command:

The system should not ask for a password as it is negotiating a secure connection using the SSH keys. If you used a security passphrase, you would be prompted to enter it. After you do so, you are logged in.

If this is the first time you’ve logged into the server, you may see a message similar to the one in part two. It will ask if you are sure you want to connect – type yes and press Enter.

Step 4- Disable Password Authentication

This step creates an added layer of security. If you’re the only person logging into the server, you can disable the password. The server will only accept a login with your private key to match the stored public key.

Edit the sshd_config file:

Search the file and find the PasswordAuthentication option.

Edit the file and change the value to no:

Save the file and exit, then restart the SSH service:

Verify that SSH is still working, before ending the session:

If everything works, you can close out and resume work normally.

By following the instructions in this tutorial, you have setup SSH-key-based authentication on an Ubuntu 18.04 server.

The connection is now highly secure as it uses a set of unique, encrypted SSH keys.

Next you should also readPutty generate ssh key pair.

Learn how to set up SSH key authentication on CentOS to safely communicate with remote servers. Create the…

When establishing a remote connection between a client and a server, a primary concern is ensuring a secure…

Nginx is an open-source server utility designed to work as a reverse proxy, intercepting client requests and…

In this tutorial, Find out How To Use SSH to Connect to a Remote Server in Linux or Windows. Get started with…

Related

How To Find Broken Links on Your Website Using Wget on Debian 7 Tutorial
How To Set Up SETI@home on Ubuntu 14.04 or Debian 7 Tutorial

Introduction

You have seen in previous tutorials how to use PuTTY to connect to your VPS securely and how to create SSH keys with PuTTYgen.

You might have more than one SSH key for a single cloud server, or simply more than one cloud server or Droplet that requires SSH keys to log into. This can make you feel overwhelmed with having to manage, sort out, and link all those keys to their respective servers. That’s why Pageant exists.

Pageant is a PuTTY authentication agent. It holds your private keys in memory so that you can use them whenever you are connecting to a server. It eliminates the need to:

  • Explicitly specify the relevant key to each Linux user account, if you use more than one account to log into a server
  • Type a key’s passphrase each time you log into your user account; and your keys should be passphrase protected since having an unprotected key is as good as hiding your password under your keyboard!

Prerequisites

Make sure you have these prerequisites.

  • Pageant is installed together with the PuTTY suite; if you don’t have it installed, you can download it here
  • You should already have at least one SSH key saved on your local computer

Step 1 — Adding Keys to Pageant

Start Pageant from the PuTTY folder: Start-Menu > All Programs > PuTTY > Pageant

Pageant starts by default minimized in the system tray. To begin adding your SSH keys, you should right click on its icon and then the following context menu will show up:

Clicking on Add Key from the menu or View Keys to open up the Pageant Key List window. Here you can view, add, and remove keys:

Tip: You can access the Pageant Key List window directly by double-clicking its icon in the system tray.

Click the Add Key button. This will open the file explorer, where you can choose one or more keys at a time to load. You should select files with the .ppk extension:

Click the Open button to load the keys with Pageant.

If a key is passphrase-protected, you will be prompted to enter the passphrase only once before it can be added to the Pageant Key List:

After successfully adding a key, you can now see it listed:

Step 2 — Connecting to the Server(s)

Now these keys will be available while connecting to any server during your PuTTY sessions. You don’t have to take any extra steps in PuTTY. Just enter your hostname or IP address, and SSH user. PuTTY will automatically try to authenticate using any keys currently loaded in Pageant.

Step 3 (Optional) — Removing Keys from Pageant

If you want to remove a key from Pageant, select that key from the Pageant Key List window and press the Remove Key button. You can also remove multiple keys together by selecting them with CTRL or SHIFT.

Tips & Tricks

Linux How To Generate Ssh Key Pair

Use these tips to automate your authenticated connections with Pageant.

Loading Keys Automatically on Pageant Startup

You can make Pageant automatically load one or more private keys when it starts up, instead of adding them manually every time you start up Pageant.

Ssh Public Key Linux

Go to the Pageant shortcut icon from the Windows Start Menu or your desktop.

Right click on the icon, and click on Properties.

A new window will open containing the shortcut’s properties:

From the Shortcut tab, edit the Target field. Leave the path to pageant.exe intact. After that path, add paths to your .ppk key files. These should be outside the quotation marks. Here’s an example:

Click the Apply and then OK buttons.

Note: If the keys are encrypted, Pageant will request the passphrases on startup.

Linux Ssh Keypair

Making Pageant Run PuTTY

You can make Pageant start PuTTY or any other program once it has initialized itself and loaded any keys specified on its command line. That way you can just start Pageant instead of having to start both programs.

You can achieve this by following the same steps we used previously to add the keys automatically (see the previous section). Just add the program’s path at the end of the command in the Target field, preceded by the -c option, and contained within double quotes. Here’s an example of the full line for the Target field:

Generate Ssh Key On Linux

Other PuTTY Suite Products

Here are a few other helpful applications that can work with PuTTY.

Generate Ssh Key Pair On Linux Mac

  • PuTTYgen: A tool to generate and edit SSH public and private key pairs. It is part of the PuTTY suite, but it can also operate with the private key formats used by some other SSH clients like WinSCP
  • PSFTP: An interactive text-based client for the SSH-based SFTP (secure file transfer) protocol, that allows you to run an interactive file transfer session and perform many thing like listing the contents of directories, browsing around the file system, issuing multiple get and put commands, etc.
  • PSCP (PuTTY Secure Copy Client): A tool for transferring files securely between computers using an SSH connection