SSH Setup in Ubuntu

SSH (Secure Shell) technology allows you to safely remotely manage your computer through a secure connection. SSH produces encrypted all transmitted files, including passwords, and also transmits a completely any network protocol. To work correctly, it must not only be installed, but also configured. It would be about the product of the main configuration that we would like to talk under this article, taking the latest version of the Ubuntu operating system for an example, which will be located the server.

Configure SSH in Ubuntu

If you have not yet completed the installation to the server and client PC, it should be done initially, the benefit of the whole procedure is quite simple and will not take much time. With a detailed manual on this topic Meet another article on the following link. It also shows the procedure for editing the configuration file and testing SSH, so today we will focus a little on other tasks.

Read more: Installing SSH-Server in Ubuntu

Creating a pair of RSA keys

In the newly installed SSH, there are no more specified keys to connect from the server to the client and vice versa. All these parameters need to be set manually immediately after adding all components of the protocol. A pair of keys is working using the RSA algorithm (reduction from the names of the Rivest, Shamir and Adleman developers). Thanks to this cryptosystem, the keys are encrypted through special algorithms. To create a pair of open keys, you only need to enter the appropriate commands in the console and follow the instructions that appear.

Go to work with the "terminal" by any convenient method, for example, by opening it through the menu or the key combination Ctrl + Alt + T.

Run the terminal in Ubuntu to further configure SSH

Enter the SSH-Keygen command, and then click the ENTER key.

Create SSH key through the console in the Ubuntu operating system

It will be proposed to create a file where the keys will be saved. If you want to leave them in the location selected by default, simply click on ENTER.

Select a file to save the SSH protocol keys in Ubuntu

The public key can be protected by a code phrase. If you want to use this option, write a password in the appeared string. Insertion characters will not be displayed. In the new line will need to repeat it.

Entering a key phrase when creating a SSH key in Ubuntu

Next, you will see a notice that the key has been saved, and you can also familiarize yourself with its random graphic image.

Successful key creation for SSH in the Ubuntu operating system

Now there is a customer pair - secret and open to be used to further connect between computers. You just need to put the key to the server so that the SSH authentication is successful.

Copy open key to server

There are three key copying methods. Each of them will be the most optimal in various situations when, for example, one of the ways does not work or is not suitable for a specific user. We propose to consider all three options by starting from the simplest and effective.

Option 1: SSH-Copy-ID command

The SSH-Copy-ID command is built into the operating system, so it does not need to install any additional components for its execution. Observe a simple syntax to copy the key. In the Terminal, you must enter the SSH-Copy-ID username @ remote_host, where the username @ remote_host is the name of the remote computer.

Copy SSH key through a special utility in Ubuntu

When you first connect, you will receive a notification with the text:

The Authenticity of Host '203.0.113.1 (203.0.113.1)' CAN't Be Established.

ECDSA KEY FINGERPRINT IS FD: FD: D4: F9: 77: FE: 73: 84: E1: 55: 00: AD: D6: 6D: 22: FE.

Are you Sure You Want to Continue Connecting (YES / NO)? Yes

You must specify the option yes to continue the connection. After that, the utility will independently search the key as id_rsa.pub file, which was previously created. During successful detection, this result will be displayed:

USR / BIN / SSH-COPY-ID: info: attempting to log in with the new key (s), to filter out Any That Are Aready Installed

/ USR / BIN / SSH-Copy-ID: info: 1 Key (s) Remain to Be Installed - if you are prompted now it is to install the new keys

[email protected]'s password:

Specify the password from the remote host so that the utility can enter it. The tool will copy the data from the public key file ~ / .ssh / id_rsa.pub, and then a message will appear on the screen:

Number Of Key (S) Added: 1

Now try logging INTO THE MACHINE, WITH: "SSH '[email protected]'"

And check to make sure that Only The Key (s) You Wanted Were Added.

The appearance of such a text means that the key has been successfully loaded on a remote computer, and no longer any problems with the connection will arise.

Option 2: Copying an open key through SSH

If you can not use the above utility, but there is a password to enter the remote SSH server, you can upload your user key manually, thereby providing further stable authentication when connected. It is used for this CAT command that will read the data from the file, and then they will be sent to the server. In the console, you will need to enter a string.

Cat ~ / .ssh / id_rsa.pub | SSH UserName @ Remote_Host "mkdir -p ~ / .ssh && touch ~ / .ssh / authorized_keys && chmod -r go = ~ / .ssh && Cat >> ~ / .ssh / authorized_keys."

Transfer a copied key through a special Ubuntu utility

When the message appears

The Authenticity of Host '203.0.113.1 (203.0.113.1)' CAN't Be Established.

ECDSA KEY FINGERPRINT IS FD: FD: D4: F9: 77: FE: 73: 84: E1: 55: 00: AD: D6: 6D: 22: FE.

Are you Sure You Want to Continue Connecting (YES / NO)? Yes

Continue the connection and enter the password to enter the server. After that, the public key will be automatically copied to the end of the authorized_keys configuration file.

Option 3: Manual open key copying

In the absence of access to a remote computer via a SSH server, all the actions described above are manually executed. To do this, first find out information about the key on the server PC via the CAT ~ / .ssh / id_rsa.pub command.

View the key information via the Cat command in Ubuntu

The screen will be displayed approximately such a string: SSH-RSA + key as a set of characters == Demo @ Test. After that, go to work on a remote device where you create a new directory via MKDIR -P ~ / .ssh. It additionally creates the Authorized_keys file. Next, insert the key there that you learned earlier via Echo + row of a public key >> ~ / .ssh / authorized_keys. After that, you can try to carry out authentication with the server without using passwords.

Authentication on the server through the created key

In the previous section, you learned about three methods for copying a remote computer key to the server. Such actions will allow you to connect without the password. This procedure is performed via the command line by entering SHH SSH UserName @ Remote_Host, where the username @ remote_host is the username and host computer name. When you first connect, you will be notified of an unfamiliar connection and you can continue by selecting the YES option.

Connect to a remote computer via SSH in Ubuntu

Connection will automatically happen if the key phrase (passphrase) was not specified during the creation of a pair of keys. Otherwise, you will first have to introduce it to continue working with SSH.

Disable password authentication

Successful setting up key copying is considered in that situation when you can enter the server without using the password. However, the ability to authenticate thus allows attackers to use tools for selecting a password and crack the protected connection. Mustoke yourself from such cases will allow a full-fledged password input in the SSH configuration file. This will require:

In the Terminal, open the configuration file via the editor using the Sudo GEGDIT / ETC / SSH / SSHD_CONFIG command.

Run the SSH configuration file via Editor in Ubuntu

Find the PasswordAuthentication line and remove the # sign in the beginning to rass the parameter.
Change the value to NO and save the current configuration.

Disable password authentication in SSH via Ubuntu

Close the editor and restart the Sudo SystemCTL Restart SSH server.

Restart the SSH server in the Ubuntu operating system

The password authentication will turn off, and enter the server can only be used using the keys specially created for this with the RSA algorithm.

Setting up standard firewall

In Ubuntu, the default firewall is the Uncomplicated Firewall (UFW) firewall. It allows you to solve connections for selected services. Each application creates its own profile in this tool, and UFW controls them, allowing or bothering the connection. Setting the SSH profile by adding it to the list is carried out like this:

Open the Firewall profile list through the Sudo UFW App List command.

View Standard Firevola Profiles in Ubuntu

Enter the password from the account to display information.

Enter the password to view the list of profiles of standard Firevola Ubuntu

You will see a sheet of available applications, there must be OpenSSH among them.

Standard Firevola Profiles List in Ubuntu

Now you should resolve connections via SSH. To do this, add it to the list of allowed profiles using Sudo UFW Allow OpenSSH.

Add SSH server to resolve connections to Firewall Ubuntu

Turn on the Firewall by updating the rules, sudo ufw enable.

Restart the firewall with updates of rules in Ubuntu

For beliefs are that the connections are allowed, Sudo UFW Status should be prescribed, after which you will see the status of the network.

View the list of permitted firewall connections in Ubuntu

On this, our SSH configuration instructions in Ubuntu are completed. Further settings for the configuration file and other parameters are personally carried out by each user under its requests. You can get acquainted with the action of all components of SSH in the official documentation of the Protocol.