
Ubuntu - SSH - Creating public/private key authentication for SSH

One way to secure an SSH connection is to use public/private SSH keys: passwords are not passed across the network, and the system is resistant to “brute force” attacks.


On the local machine

Create a .ssh directory

mkdir -p ~/.ssh

Create the SSH keys

Using RSA:

ssh-keygen -t rsa

or using DSA (Digital Signature Algorithm); note that OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default:

ssh-keygen -t dsa

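When asked for a passphrase, leave it blank, since our purpose is to automate things. The private key is then stored unencrypted on disk, so keep the file readable only by its owner.

Two files are created in the .ssh directory: id_dsa and id_dsa.pub (id_rsa and id_rsa.pub if you chose RSA). The .pub file holds the public key and will be placed on the remote server.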


Copy the public key to the remote server

Copy the id_dsa.pub file to the remote server via SCP:

scp ~/.ssh/id_dsa.pub username@example.com:/home/username/

On the remote server

Connect to the remote server with SSH

ssh username@example.com

Create a .ssh directory

mkdir -p ~/.ssh

Copy the public key to the file authorized_keys

cat id_dsa.pub >> ~/.ssh/authorized_keys

Remove file id_dsa.pub

rm id_dsa.pub

Setting the correct permissions on the key

chown -R username:username /home/username/.ssh
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys

Configure SSH

sudo vi /etc/ssh/sshd_config

And check these lines:

/etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
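
The two authentication settings above can be checked mechanically before reloading. The script below is an added example, not part of the original page; the function names and sample files are constructed for illustration, and it covers only PubkeyAuthentication and PasswordAuthentication in the global section of a single file.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config file
# for the two authentication settings checked above.

# Print the global value of keyword $1 in file $2, or the default $3.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and '#' lines are comments. Scanning stops at the
# first Match block; Include files are not followed (simplification).
sshd_value() {
    awk -v key="$1" -v def="$3" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        {
            sub(/^[ \t]+/, "")
            split($0, f, /[ \t=]+/)
            if (tolower(f[1]) == tolower(key)) { print f[2]; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$2"
}

# Return 0 only if key logins are on and password logins are off.
# Defaults used when a keyword is absent: both are "yes" in OpenSSH.
audit_sshd_config() {
    rc=0
    [ "$(sshd_value PubkeyAuthentication "$1" yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not yes"; rc=1; }
    [ "$(sshd_value PasswordAuthentication "$1" yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not no"; rc=1; }
    return $rc
}

# Constructed samples. "weak" has the directive commented out, so the
# default applies; "hard" sets it twice and the first value wins.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'PubkeyAuthentication yes' \
        '#PasswordAuthentication no' > "$d/weak"
    printf '%s\n' 'pubkeyauthentication yes' 'PasswordAuthentication no' \
        'PasswordAuthentication yes' > "$d/hard"
    for f in weak hard; do
        if audit_sshd_config "$d/$f"; then echo "$f: OK"; else echo "$f: NOT OK"; fi
    done
    rm -rf "$d"
}
demo
```

On a live server, sudo sshd -T prints the effective configuration, including defaults and included files.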

Reload the SSH server

sudo /etc/init.d/ssh reload

Done


Test

Try to connect to the remote server with SSH:

ssh -i /path-to-private-key username@remote-host-ip-address

Or just this:

ssh username@remote-host-ip-address