What is SSH?
SSH (Secure Socket Shell) is a protocol that users use to connect to a remote server. A remote server is basically a computer located remotely. Usually, you connect to a remote server using user credentials or SSH keys.
During an SSH session, any commands that you type into your local terminal are sent through an encrypted SSH tunnel and executed on your server. You must have an SSH client on your local machine to log on to the remote server.
A user can either log in with the username and password provided, or create an SSH key to log on without requiring a username or password.
SSH keys are a matching set of cryptographic keys which can be used for authentication. To authenticate using SSH keys, a user must have an SSH key pair on their local computer.
How to install ssh on ubuntu?
To install SSH on Ubuntu, type the following commands one by one in your terminal window:
$ sudo apt-get update
$ sudo apt-get install openssh-server
# ssh-copy-id is not a separate package on Ubuntu; it ships with openssh-client
$ sudo apt-get install openssh-client
How to generate SSH Keys?
To generate a new SSH key on your Mac or Linux machine, run the following command:
# create ssh key
$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
Once the keys are generated, they are stored in the ~/.ssh folder. These keys are useful and you should not share your private key with anyone.
The following are some of the places where you need these keys:
- to log in to a remote server without a password prompt
- adding SSH keys to your GitHub or Bitbucket account
- adding SSH keys to any SSH-based deployment tool
How do I access my ssh public key?
If you have generated SSH keys on your computer and don't know where to look for them, try the following command:
# show ssh public key contents
$ cat ~/.ssh/id_rsa.pub
# the above command will output the
# contents of your public key
# copy these contents and use them
# where you need them
How to copy ssh keys to remote server?
If you wonder how to copy your local SSH key to a remote server so that it won't ask you for your SSH password every time you connect, try the following commands:
# copy local keys to remote server
$ ssh-copy-id -f username@REMOTE_IP
# once keys are added try to login with your username
# this step will skip the password prompt as you already
# added keys to remote server
$ ssh username@REMOTE_IP
How to manually copy ssh keys to remote server?
To manually copy your public SSH key to the remote server, try the following commands:
# option 1: append your public key to the remote authorized_keys file in one step
$ cat ~/.ssh/id_rsa.pub | ssh user@remote_server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
# option 2: copy and paste the key by hand
# show contents of your local ssh key and copy the output
$ cat ~/.ssh/id_rsa.pub
# now, log on to remote server
$ ssh username@REMOTE_IP
# once you are logged on, open the following file
# (sudo is not needed for a file in your own home directory; using it can leave the file owned by root)
$ nano ~/.ssh/authorized_keys
# paste the contents of "cat ~/.ssh/id_rsa.pub" command from your computer
# save the ~/.ssh/authorized_keys and exit the remote server
# now try to log on with your added ssh keys; it should skip the password prompt
$ ssh username@REMOTE_IP
How do I change my private key passphrase?
To change your existing private key passphrase, try the following command:
# -f points at the private key file; id_rsa is the key generated earlier on this page
$ ssh-keygen -p -f ~/.ssh/id_rsa
How to force ubuntu to use ssh keys?
To tighten the security of your remote server and prevent users from using passwords for SSH authentication, you need to disable password authentication and enable SSH key authentication.
This ensures that all users log in using their own SSH keys, and you can keep an eye on users. First, log in to your SSH server using your root user and password.
Copy your SSH public key to your remote server and then run the following commands:
# open ssh config file
$ sudo nano /etc/ssh/sshd_config
# find the PasswordAuthentication line and replace it with
PasswordAuthentication no
# save and close the file and run
$ sudo service ssh restart
Now exit the terminal and try to log in using a password: you won't be able to log on. If you try using your SSH key, however, you will be able to log on to the remote server.
How to disable root ssh login?
If you are a Linux administrator or a developer, you know that a freshly installed Linux server comes with a root user by default, and you are also aware of how dangerous it is if someone gets root access.
To prevent the root user from logging in to the remote server, you first need to create an alternate new user, then assign it sudo permissions, and then disable the root login.
The following commands will help you disable root login:
# first, login to remote server using root user
$ ssh root@remote_server_ip
# once logged on, create another user
$ useradd -m -d /home/joe joe
# set the password for new user
$ passwd joe
# add sudo permission for new user
$ echo 'joe ALL=(ALL) ALL' >> /etc/sudoers
# check that /etc/sudoers still parses (a broken sudoers file locks out sudo)
$ visudo -c
# exit from remote server and try to login with new user
$ ssh joe@remote_server_ip
# make sure you have root permissions
$ su -
# once you can do that disable root login
# open the ssh config file
$ nano /etc/ssh/sshd_config
# find the line "#PermitRootLogin yes", uncomment it and change it to
# "PermitRootLogin no"
# restart ssh server
# (on Ubuntu the service is named ssh: sudo service ssh restart)
$ /etc/init.d/sshd restart
Now exit from the server and try to log in using your root user: you won't be able to log on anymore. If you try to log in using the other user, however, you will be able to do that.
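The two hardening sections above ("How to force ubuntu to use ssh keys?" and "How to disable root ssh login?") both depend on which sshd_config line actually takes effect. The following script is an added example, not part of the original tutorial: it audits a config file for both settings. The function names and the three sample configs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for a keyword; keywords are
# case-insensitive, and lines beginning with '#' are comments.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
# (global section only: stops at the first Match line; Include files ignored)
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings, returns 0 only if both are "no"
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    [ "$pw" = "no" ] || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# make_samples DIR -> writes three constructed configs (not from a real host)
make_samples() {
    # weak: the first "no" is commented out and the later one comes too late
    printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
        'PasswordAuthentication no' 'PermitRootLogin yes' > "$1/weak"
    # hardened: the result the two sections above aim for
    printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' > "$1/hardened"
    # scoped: PermitRootLogin was appended after a Match line, so it is not global
    printf '%s\n' 'PasswordAuthentication no' 'Match Address 10.0.0.0/8' \
        '    PermitRootLogin no' > "$1/scoped"
}

demo=$(mktemp -d)
make_samples "$demo"
for f in weak hardened scoped; do
    echo "== $f"; audit_sshd_config "$demo/$f" || true
done
rm -rf "$demo"
```

On a live server, `sudo sshd -t` checks the config for errors before you restart the service, and `sudo sshd -T` prints the effective settings, including any files pulled in with Include.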