OpenSSH is a freely available implementation of the Secure Shell (SSH) protocol. It is widely used for controlling remote systems and transferring files from one system to another. You can still use traditional tools such as telnet or rcp to accomplish the same tasks, but these tools are considered insecure because they transfer the user's password over the network in clear text. In this article, we will explain how to use SSH to access remote systems, how to prevent root authentication for SSH, and how to configure SSH key-based authentication in Linux. We will use Ubuntu 17.04 for this demonstration; however, the same steps can be used to configure SSH key-based authentication on other Linux variants as well.
Installing SSH Packages
Before working with OpenSSH, make sure that the OpenSSH packages are installed. Because OpenSSH is one of the most basic tools on Linux systems, it is typically installed on almost all of them, including Ubuntu. If it is not installed by default, you can install it using the following commands:
sudo apt install openssh-client
sudo apt install openssh-server
Configuring sshd_config File
The configuration file for the SSH server settings is /etc/ssh/sshd_config. This file contains all the configuration options for the SSH server (sshd). The following table contains the most commonly used SSH configuration options.
After making any changes in the sshd_config file, make sure you restart the sshd service.
sudo systemctl restart sshd.service
Setup SSH Key-Based Authentication
SSH key-based authentication is more secure than password-based authentication. Now, let's see how to configure SSH key-based authentication between two systems. Suppose you have two systems configured with the IP addresses 172.16.0.1 (local) and 172.16.0.2 (remote), and you want to access the 172.16.0.2 system over SSH from 172.16.0.1 using a public SSH key. For this, perform the following tasks:
Create an SSH key pair on the local system
sudo ssh-keygen -t rsa -b 4096
The above command will generate a 4096-bit private and public key pair using the RSA algorithm. The default location for saving the SSH key pair is the ~/.ssh/ directory. Here, one public key file, id_rsa.pub, and one private key file, id_rsa, will be created. The following figure shows how to generate an RSA key for SSH key-based authentication.
Copy Public Key File To Remote System
Now, you need to copy the id_rsa.pub file to the remote system, in this case, 172.16.0.2. For this, execute the following command, replacing <user> with your account name on the remote system:
sudo ssh-copy-id <user>@172.16.0.2
If you are unable to copy the public key file using the above command, you can copy the content of the public key file and manually paste it into the ~/.ssh/authorized_keys file on the remote system.
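The manual fallback above, as an added example that is not part of the original article: a shell function, hypothetically named install_pubkey, intended to be run on the remote system once the .pub file has been transferred there. It refuses private keys, sets the permissions sshd expects, and avoids duplicate entries.

```shell
# Added example; install_pubkey and its arguments are hypothetical names.
# Usage (on the remote system): install_pubkey /path/to/id_rsa.pub [HOME_DIR]
# Returns 0 if the key is present afterwards, 1 on bad input.
install_pubkey() {
    local pub="$1" home="${2:-$HOME}"
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys" line

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Never let a private key (id_rsa) end up in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; use the .pub file" >&2
        return 1
    fi

    # A public key file is one line: "<type> <base64> [comment]".
    line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$line" ] || { echo "$pub does not look like a public key" >&2; return 1; }

    # sshd's StrictModes (on by default) rejects authorized_keys if the
    # file or ~/.ssh is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # If the existing file lacks a trailing newline, add one so the new
    # key does not get glued onto the last entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if the exact line is not already present (idempotent).
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}
```
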
Verify SSH Key-based Authentication
Once the public key file is copied successfully, you can access SSH of the remote system without entering the password. To verify SSH key-based authentication, execute the following command.
sudo ssh <user>@172.16.0.2
You should be able to log in to the remote system without entering the password. In this guide, we have explained the basic settings of the sshd_config file and how to set up SSH key-based authentication in Ubuntu Linux. You may ask questions or give us your suggestions using the comment box.