This brief tutorial is going to show you how to install and enable OpenSSH Server in Ubuntu 13.04 / 12.10 and older. I am also going to show you how to login via public key authentication without passwords.
The benefit of using SSH key to sign in is to protect yourself against brute-force password guessing attack. This attack consists of systematically checking all possible passwords until the correct one is found.
Since we’re going to disable password login for SSH, brute force attack will be completely unworkable in this setup.
To get started, press Ctrl – Alt – T on your keyboard to open the terminal. When it opens, run the commands below to install OpenSSH Server in Ubuntu.
sudo apt-get install openssh-server
The server is installed and by default ready to accept connections via port 22. Now that SSH server is installed on the Ubuntu server, use the client machine to create a public / private key so that both systems will use. The client will keep the private key and the server will use the client’s public key to authenticate the client.
To generate the keys, run the commands below from the client machine. The client may be a Linux machine or another OS machine like Windows or Mac with command line option to export SSH keys. After running the commands, it will prompt you to create passphrase and passwords, for the keys, don’t enter any just press Enter to skip until the keys are generated.
ssh-keygen -t rsa
Next, create a hidden .ssh folder in your home directory on the server by running the commands below. If the folder is already created, then skip below.
mkdir -p ~/.ssh
Next, run the commands below to export the client public key to the server’s ssh authorized_keys file.
cat ~/.ssh/id_rsa.pub | ssh richard@server_name 'cat >> .ssh/authorized_keys'
replace server_name with your server name.
If everything goes as planned, you should be able to access the server without password by running the commands below.
ssh username@server_name
replace username & server_name with your own info
Now go and open ssh configuration file and make sure that only users with the private key will be allowed in. To do that, run the commands below.
sudo vi /etc/ssh/sshd_config
Than, change the line below to
PasswordAuthentication no
Restart SSH by running the commands below.
sudo /etc/init.d/ssh restart
If you run into trouble and see the error message ‘Agent admited failure to sign using the key’, run the command below on the client machine to enable managed ssh-agent.
ssh-add
Also, if you’re getting ‘Permission denied (publickey)’, open ssh configuration file and change the line to look like this.
ChallengeResponseAuthentication no
Public key login will only be permitted if these two lines are enable in ssh config file.
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
Enjoy!
Frequently Asked Questions
How to enable SSH in Ubuntu 13.04?
To enable SSH in Ubuntu 13.04, you can install and enable OpenSSH Server by running 'sudo apt-get install openssh-server' command.
How to force users to use SSH keys without password in Ubuntu?
You can force users to use SSH keys without passwords in Ubuntu by setting up public key authentication. This method enhances security by preventing brute-force password guessing attacks.
What is the benefit of using SSH keys for login?
Using SSH keys for login provides protection against brute-force password guessing attacks. By disabling password login and using keys, you enhance security on your Ubuntu server.
How to generate SSH keys on a client machine?
To generate SSH keys on a client machine, run the command 'ssh-keygen -t rsa'. Follow the prompts to create the keys without entering any passphrase or password.
How to create a .ssh folder on the server?
To create a .ssh folder on the server, run the command 'mkdir -p ~/.ssh'. This folder is used to store authorized keys for SSH authentication.
What is the default port for SSH connections?
The default port for SSH connections is port 22. After installing OpenSSH Server in Ubuntu, it will be ready to accept connections on this port.
Can SSH keys be used for authentication between different OS machines?
Yes, SSH keys can be used for authentication between different OS machines. As long as the client machine can generate SSH keys, they can be used for secure authentication.
How does public / private key authentication work in SSH?
In public / private key authentication, the client generates a pair of keys – public and private. The client keeps the private key secure, while the server uses the public key to authenticate the client without requiring a password.