SSH Keys

Steps to allow key/certificate based SSH authentication to Ubuntu servers. In short the steps are:

  1. Generate a key pair on your local computer that you want to login from.
  2. Copy the public key to the account on the target computer you want to login to.

Generate a Key Pair

  1. Ensure presence of .ssh directory.
  2. Create your public and private SSH keys.

Ensure presence of '.ssh' directory

First, ensure that your target account has a '.ssh' directory.

$ cd
$ ls .ssh
If you receive a message similar to below, you will need to create a '.ssh' directory using the following steps.
ls: cannot access '.ssh': No such file or directory
mkdir     ~/.ssh
chmod 700 ~/.ssh

Create your public and private SSH keys

Run the following to generate your private and public keys. You will be asked to provide an optional passphrase that will encrypt the private key.
ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/{user}/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/{user}/.ssh/id_rsa
Your public key has been saved in /home/{user}/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx {user}@{server}
The key's randomart image is:
+---[RSA 3072]----+
...
...
...
...
...
...
...
+----[SHA256]-----+

Copy the key pair to your target machine

$ ssh-copy-id {user}@{server}
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/{user}/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
{user}@{server}'s password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh '{user}@{server}'"
and check to make sure that only the key(s) you wanted were added.

You should now be able to login using the following.

$ ssh '{user}@{server}
You will be asked for your passphrase you used to encrypt the private key, not the password of the target system if they are different.
Enter passphrase for key '/Users/{user}/.ssh/id_rsa': 
Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.
Last login: Sun Nov 10 01:18:14 2024 from 10.42.0.27