How to Setup SSH Key Login on Ubuntu Linux

This post shows students and new users step to install and configure SSH with key login with no password or passwordless. SSH supports various authentication methods. Authenticating using public key is more secure and convenient than traditional password authentication.

Secure Shell (SSH) is a communication protocol that allows for secure communication between networked computers. Using this post, you’ll learn how to set up an SSH key-based authentication on Ubuntu Linux and login without entering a password.

If you’re a webmaster or an IT professional managing a SSH server, the most secure way is to setup a passwordless authentication and only allow public keys.

Also, for students and new users learning Linux, the easiest place to start learning is on Ubuntu Linux. Ubuntu is the modern, open source Linux operating system for desktop, servers and other devices.

To get started setting up key-based SSH authentication on Ubuntu, follow the steps below.

How to create SSH keys on Ubuntu Linux

As mentioned above, key-based authentication is the most secure way to logon to a SSH server. If you haven’t already created a SSH key, then run the commands below to create one.

The command below generate a new 4096 bits SSH key pair with your email address as a comment.

ssh-keygen -t rsa -b 4096 -C "your_username@example.com"

After running the commands above, you’ll be prompted to specify filename for the keys. In most cases, the default location and filename should work.

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Next, you’ll be asked to type a secure passphrase. A passphrase adds an extra layer of security so each time you must type the passphrase before you use the key to login to the remote machine.

Enter passphrase (empty for no passphrase):

Press ENTER without typing a passphrase.

On your screen, the entire interaction should look similar to the one below.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/richard/.ssh/id_rsa): 
Created directory '/home/richard/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/richard/.ssh/id_rsa
Your public key has been saved in /home/richard/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:F217Tplf9iVDvyTRBRfkeXEdQfCugtgC16BrpRqQYpE admin@example.com
The key's randomart image is:
+---[RSA 4096]----+
|             .=OO|
|  .        .  +.*|
| E     .  . o..=.|
|  o   . o  o oo+.|
|.+   o oS.. ..Bo=|
|o .   * o..  ++==|
|   . + o o . ...o|
|    +   .   .    |
|   .             |
+----[SHA256]-----+

Once done, two new files should be created in your home directory (id_rsa and id_ras.pub).

That’s it! You have successfully created a keypair.

How to copy public key on Ubuntu

Now that you have a keypair, you next step is to copy your public key to the remove SSH server. There are multiple ways to do it. The easiest and the recommended way to copy the public key to the server is to use the ssh-copy-id tool.

Run the command below to copy your public key to a remote server.

ssh-copy-id username@server_ip_address

Replace the username and server_ip_address with your account on the remote server.

You’ll be prompted to type in your SSH password since key-based authentication isn’t yet configured.

Once authenticated, the public key ~/.ssh/id_rsa.pub will be appended to the remote user ~/.ssh/authorized_keys file, and the connection will be closed.

richard@10.0.2.17's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'richard@10.0.2.17'"
and check to make sure that only the key(s) you wanted were added.

How to configure SSH for passwordless login

Now that you’ve copied over your public key, the next step is to disable password authentication.

Logon to the remote server with your password, then open SSH configuration file by running the commands below.

sudo nano /etc/ssh/sshd_config

In the file, find the lines below and change the value to match these.

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Save the file and exit.

Restart SSH server on the remote host.

sudo systemctl restart ssh

After that, password login should be disabled.

Next type simply by typing the command below will log you in without password prompt.

ssh username@server_ip_address

That should do it!

Conclusion:

This post showed you how setup key-based SSH authentication on Ubuntu Linux. If you find any error or want to add something below, please use the comment form.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.