Create SSH Keys
SSH keys should be generated on the computer you wish to log in from.
This is usually your local machine.
Enter the following into the command line:
You may be prompted to set a password on the key files themselves, but this is a fairly uncommon practice, and you should press enter through the prompts to accept the defaults.
Your keys will be created at ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa.
Change into the .ssh directory by typing:
Look at the permissions of the files:
Output:
As you can see, the id_rsa file is readable and writable only to the owner. This helps to keep it secret.
The id_rsa.pub file, however, can be shared and has permissions appropriate for this activity.
Transferring the Public Key to the Server
If you currently have password-based access to a server, you can copy your public key to it by issuing this command:
This will start an SSH session.
After you enter your password, it will copy your public key to the server’s authorised keys file, which will allow you to log in without the password next time.
Client Side Options
There are a number of optional flags that you can provide when connecting through SSH.
Some of these may be necessary to match the settings in the remote host’s sshd configuration.
For instance, if you changed the port number in your sshd configuration, you will need to match that port on the client side by typing:
Note:
Changing your SSH port is a reasonable way of providing security through obscurity.
If you are allowing SSH connections to a widely known server deployment on port 22 as normal and you have password authentication enabled, you will likely be attacked by many automated login attempts.
Exclusively using key-based authentication and running SSH on a nonstandard port is not the most complex security solution you can employ, but it should reduce these attempts to a minimum.
If you only want to execute a single command on a remote system, you can specify it after the host like so:
You will connect to the remote machine, authenticate, and the command will be executed.
As we said before, if X11 forwarding is enabled on both computers, you can access that functionality by typing:
Providing you have the appropriate tools on your computer, GUI programs that you use on the remote system will now open their window on your local system.
If you have created SSH keys, you can enhance your server’s security by disabling password-only authentication.
Apart from the console, the only way to log into your server will be through the private key that pairs with the public key you have installed on the server.
Warning: Before you proceed with this step, be sure you have installed a public key to your server. Otherwise, you will be locked out!
As root or a user with sudo privileges, open the sshd configuration file:
Locate the line that reads PasswordAuthentication, and uncomment it by removing the leading #. You can then change its value to no:
/etc/ssh/sshd_config
Two more settings that should not need to be modified (provided you have not modified this file before) are PubkeyAuthentication and ChallengeResponseAuthentication. They are set by default and should read as follows:
/etc/ssh/sshd_config
After making your changes, save and close the file.
You can now reload the SSH daemon:
Password authentication should now be disabled, and your server should be accessible only through SSH key authentication.
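The check below is an added example, not part of the original tutorial: it reads an sshd_config file and reports whether the three settings discussed above have the values needed for key-only login. The function names and the sample file are hypothetical, and the expected values for PubkeyAuthentication (yes) and ChallengeResponseAuthentication (no) are an assumption, since the page does not show them.

```shell
#!/bin/sh
# Added example; function names and the sample file are hypothetical.

# Print the effective global value of keyword $2 in config file $1.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional, so stop there.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                 # drop comments, incl. "#Keyword value"
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if all three settings have the expected value.
# Assumption: the last two expected values are not shown on the page.
# An unset keyword counts as a failure so each value is stated explicitly.
audit_sshd_config() {
    rc=0
    for pair in passwordauthentication=no pubkeyauthentication=yes \
                challengeresponseauthentication=no; do
        key=${pair%%=*}
        expected=${pair#*=}
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok   $key $actual"
        else
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the commented default is ignored, the later duplicate
# loses to the first value, and the Match block is not a global setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
```

This reads only the one file and does not follow Include directives; on a live server, sshd -T prints the configuration the daemon would actually use.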
Learning your way around SSH will greatly benefit any of your future cloud computing endeavors. As you use the various options, you will discover more advanced functionality that can make your life easier. SSH has remained popular because it is secure, lightweight, and useful in diverse situations.
Next, you may want to learn about working with SFTP to perform command line file transfers.