in this article I will show you how to install SSH on a Server and Desktop, after successful installation and testing that it worked I am showing also how to use password-less authentication with SSH to elevate the security even further. We are using ssh-keygen and ssh-copy-id in the process.
Install OpenSSH Server
Secure Shell or short SSH is a very convenient and secure way to remotely manage a Linux Servers or Workstations respectively. Usually when you install a Ubuntu Server the installer is asking if the SSH Service should be installed
and I highly recommend doing so but in the case it has not been done so here is how you can install OpenSSH Server later on. Run the following command:
sudo apt install openssh-server
After installation is finished it should look like the following:
Lets check that the server is actually installed and running with the following command:
sudo systemctl status sshd
As you can see the SSH Server is installed and running.
SSH Password Login
Lets test connectivity from a workstation.
It is verified that it is working properly. Lets work on getting the password-less authentication working in the next step.
SSH Key Generation
Lets generate the SSH Key and upload it to the server and test it again. Enter the following command:
ssh-keygen -t rsa -b 4096
- ssh-keygen : ssh-keygen is a tool to generate a ssh key for password-less authentication
- -t rsa : -t is a switch to specify the Type of key generated possible types are dsa, rsa, ecdsa, ecdsa-sk, ed25519 and ed25519-sk
- -b 4096 : -b specifies the key length by default it is 3072, I recommend using at least 4096 bits for higher security.
You should see something like in the screenshot below.
So the SSH Key is now generated.
Upload SSH Key
Lets upload it to the server by using the ssh-copy-id command:
enter your password and it will upload the ssh key to the proper location on the destination machine. It should look similar to the screenshot below.
Testing Password-less Login
Now lets try to use the password-less login. Just enter the following command:
and you should see it logs in without asking for password. See the screenshot below.
Excellent, that worked but we are not done yet. Password authentication is still enabled and suspect to ssh brute force attacks.
Disable Password Logins
Since we are on the server lets edit the sshd_config file and restart the ssh service. Enter the following command:
sudo vim /etc/ssh/sshd_config
Look for two option in the config file. PasswordAuthentication and ChallengeResponseAuthentication, see screenshot below.
Un-comment PasswordAuthentication and change its value to no and verify the ChallengeResponseAuthentication is set to no and un-comment like in the screenshot below.
Save and close the config file and execute the following command to restart ssh service:
sudo systemctl restart sshd.service
In this process we installed SSH Service, verified password login then generate a SSH Key on a client machine and uploaded it and test password-less ssh authentication and last but not least adjusted the sshd_config to prevent password logins and restarted the SSH Service. If you find this article useful please leave a comment and if you like to see something written up here let me know.
If you like to read more about OpenSSH visit http://www.openssh.com/
Good Day 🙂