How to Set Up SSH Keys on Ubuntu

How to Set Up SSH Keys on Ubuntu

How to Set Up SSH Keys on Ubuntu

SSH (Secure Shell) keys provide a secure and convenient way to authenticate and access remote servers without the need for passwords. In this tutorial, we'll walk through the steps to generate and set up SSH keys on an Ubuntu system.

Step 1: Check for Existing SSH Keys

First, check if you already have SSH keys generated on your Ubuntu system by navigating to the ~/.ssh directory:

ls ~/.ssh

If you see files named id_rsa and id_rsa.pub, you already have SSH keys set up and can skip to Step 4.

Step 2: Generate SSH Keys

If you don't have SSH keys yet, generate a new SSH key pair by running the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Note: Replace "" with your actual email address.

Recent versions of ssh-keygen will create a 3072-bit RSA key pair, which is secure enough for most use cases (here we are optionally passing in the -b 4096 flag to create a larger 4096-bit key).

After entering the command, you should see the following output:

Output
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

Note: Replace your_home with the correct location.

Press enter to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.

If you had previously generated an SSH key pair, you may see the following prompt:

Output
/home/your_home/.ssh/id_rsa already exists.
Overwrite (y/n)?

Note: If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Be very careful when selecting yes, as this is a destructive process that cannot be reversed.

Step 3: Enter a Passphrase (Optional)

You can choose to add a passphrase to your SSH key for an extra layer of security. If you prefer to use a passphrase, enter it when prompted. Otherwise, you can press Enter to leave it blank.

A passphrase adds an additional layer of security to prevent unauthorized users from logging in and it's highly recommended.

You should then see the output similar to the following:

Output
Your identification has been saved in /your_home/.ssh/id_rsa
Your public key has been saved in /your_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:/hk7MJ5n5aiqdfTVUZr+2Qt+qCiS7BIm5Iv0dxrc3ks user@host
The key's randomart image is:
+---[RSA 3072]----+
|                .|
|               + |
|              +  |
| .           o . |
|o       S   . o  |
| + o. .oo. ..  .o|
|o = oooooEo+ ...o|
|.. o *o+=.*+o....|
|    =+=ooB=o.... |
+----[SHA256]-----+

You now have a public and private key that you can use to authenticate. The next step is to place the public key on your server so that you can use SSH-key-based authentication to log in.

Step 4: Add SSH Key to SSH Agent

Next, add your SSH key to the SSH agent to manage your keys:

ssh-add ~/.ssh/id_rsa

Step 5: Copy SSH Public Key

Finally, copy your SSH public key to the clipboard using the xclip utility:

sudo apt update
sudo apt install xclip -y
xclip -sel clip < ~/.ssh/id_rsa.pub

Note: Strictly speaking this step is optional given you can simply cat the id_rsa.pub file and copy /paste it as you would normally do, however, this could lead to errors in the event of an error during the copy /paste. The most common cause of trouble here is special characters like line breaks being copied.

Step 6: Configure Remote Server

Paste your SSH public key into the ~/.ssh/authorized_keys file on the remote server you want to access. You can do this manually or use the ssh-copy-id command:

ssh-copy-id username@remote_host

Note: Replace username with your username on the remote server and remote_host with the hostname or IP address of the remote server.

Step 7: Test SSH Connection

Test your SSH connection to the remote server to ensure everything is set up correctly:

ssh username@remote_host

Note: As you did before, replace username with your username on the remote server and remote_host with the hostname or IP address of the remote server.

Congratulations! You've successfully set up SSH keys on your Ubuntu system.

Troubleshooting

Troubleshooting SSH connections can sometimes be challenging, but with the right approach and understanding of common issues, it becomes manageable. Here are some tips for troubleshooting SSH connections:

  1. Check SSH Service Status: Ensure that the SSH service is running on both the client and server machines. You can check the service status using commands like systemctl status ssh on Ubuntu or service sshd status on other Linux distributions. If you haven't yet installed the service, please see our step-by-step guide on how to install the SSH service in your machine.

  2. Verify Network Connectivity: Confirm that both the client and server machines have network connectivity. Use tools like ping to check for connectivity issues and ensure that firewalls or network access controls are not blocking SSH traffic.

  3. Check SSH Configuration: Review the SSH configuration files (sshd_config on the server and ssh_config on the client) for any syntax errors or misconfigurations. Pay attention to settings such as port number, authentication methods, and access controls.

  4. Check SSH Logs: Examine the SSH logs on both the client and server machines for any error messages or warnings. The logs are typically located in /var/log/auth.log or /var/log/secure.

  5. Verify User Credentials: Ensure that you are using the correct username and password or SSH key pair for authentication. Double-check the permissions and ownership of SSH key files (~/.ssh/id_rsa for example) to ensure they are set correctly.

  6. Check SSH Version Compatibility: Verify that the SSH client and server are using compatible versions of the SSH protocol. Incompatibilities between different SSH versions can sometimes cause connection issues.

  7. Test with Different SSH Clients: If possible, try connecting to the SSH server using different SSH client software (e.g., PuTTY on Windows or OpenSSH on Unix-like systems) to see if the issue persists across different clients.

  8. Restart SSH Service: As a last resort, restarting the SSH service on both the client and server machines may resolve certain connection issues. Use commands like sudo systemctl restart ssh on Ubuntu or sudo service sshd restart on other Linux distributions.

Conclusion

SSH keys provide a secure and efficient way to authenticate and access remote servers without the need for passwords. By following the steps outlined in this tutorial, you can generate SSH keys, add them to your SSH agent, and configure remote servers for secure SSH access. Implementing SSH keys helps improve security and streamline remote server management tasks.

Are you interested in learning more about Linux system administration, security best practices, or other technical topics? Share your thoughts in the comments below and subscribe to our blog newsletter for updates on similar topics.

Did you find this article valuable?

Support Cloud Tuned by becoming a sponsor. Any amount is appreciated!