LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Setup SSH Keys on Ubuntu 18.04

Who should read this?

This tutorial is for novice to intermediate Linux users who want to go beyond basic password security. Security professionals recommend using SSH keys to make authentication into SSH sessions faster, easier and more secure. As passwords become longer and more complex, they become more difficult to use and manage.

Key based access is more secure and easier to manage for individuals.  For teams and organizations key based access has some challenges around rotation and user hygiene that are outside of the scope of this tutorial.

What are we talking about?

This tutorial walks you through the basic procedure for setting up and using SSH keys on your servers, and shows how to use those keys with common Windows SSH tools such as PuTTY, or from OS X or Linux.

SSH is a client-server protocol originally developed to replace the insecure and unencrypted telnet protocol. SSH1 was originally developed in 1995 by Tatu Ylonen, a researcher at the Helsinki University of Technology. Tatu went on to found ssh.com. SSH went on to become one of the most widely used security and administration tools in modern technology.

OpenSSH was a derivative work forked (by the OpenBSD project) from earlier versions of the SSH server application that had less restrictive licensing.

Why

Using SSH keys makes system access fast, easy, secure and scalable. It’s pretty much the only way to fly if you’re serious about being a Linux administrator.

What are SSH Keys?

SSH keys are a public and private key pair used for authenticating users who are trying to log in remotely to systems to perform administrative tasks and actions. The public key is placed on the remote server and the private key is held as a secret on the user’s local machine.

Pre-requisites

This tutorial is based on Ubuntu 18.04 running the latest

$ sudo apt-get update && sudo apt-get upgrade

If you are using Windows you’ll need:

  • PuTTY  https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html  (you need at least PuTTY v0.70 to use ED25519)
  • WinSCP  https://winscp.net/eng/download.php
  • PuTTYgen  https://winscp.net/eng/download.php  (this is included in the WinSCP installer)

Step 1

$ mkdir -p ~/.ssh
$ chmod 0700 ~/.ssh
$ ssh-keygen -t ed25519 -C "VPS server #101"    ### https://ed25519.cr.yp.to/ if you are wondering what ED25519 is 
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):   #haha I can't type 
Enter same passphrase again:
Passphrases do not match.  Try again.
Enter passphrase (empty for no passphrase):  #still can't type
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:+EgRgp7QUWicc/vjjYfl8iW/HW1E5PkzOYY7TmCMlYU VPS server #101
The key's randomart image is:  
+--[ED25519 256]--+
| o.*o .     ...  |
|. O ..     Eoo . |
| + + ...   o  +  |
|  o .  O  +  .+..|
|     .o S. + ..*.|
|     .oo. . .oo +|
|     ..Bo . .+o  |
|      = ++ .oo.  |
|       +. o...   |
+----[SHA256]-----+
$ ls -al ~/.ssh
total 16
drwx------ 2 root root 4096 Apr 30 04:12 .            ### Agree to pretend that I didn't run this as root
drwx------ 7 root root 4096 Apr 30 04:11 ..
-rw------- 1 root root  411 Apr 30 04:12 id_ed25519    ### THIS IS YOUR PRIVATE KEY DO NOT SHARE
-rw-r--r-- 1 root root   97 Apr 30 04:12 id_ed25519.pub ### THIS IS YOUR PUBLIC KEY - GOES ON REMOTE DEVICES 

Step 2

You need to add your public key to the ~/.ssh/authorized_keys file on any server you want to log in to.

$ cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys   #APPENDS THE CONTENTS OF FILE_1 to FILE_2

Use WinSCP or SCP to download your private key to your workstation.
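
The fingerprint that ssh-keygen prints in Step 1 is the unpadded base64 SHA-256 of the binary key blob stored in the .pub file, so it can be recomputed to confirm that the entry appended to authorized_keys in Step 2 is the key you generated. The Python below is an added example, not part of the original tutorial; read_string, fingerprint, make_line, installed and SAMPLE_PUB are names chosen here, and the sample key is constructed from fixed bytes rather than taken from the page.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-ed25519": 32}  # key type -> expected raw public key length

def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated SSH string")
    return blob[offset + 4:end], end

def fingerprint(line):
    """Return (fingerprint, comment) for one ssh-ed25519 public key line."""
    fields = line.split()
    # authorized_keys entries may carry options before the key type field.
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no ssh-ed25519 key found on line")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    inner_type, pos = read_string(blob, 0)
    key, pos = read_string(blob, pos)
    if inner_type != fields[idx].encode():
        raise ValueError("key type outside and inside the blob disagree")
    if len(key) != KEY_TYPES[fields[idx]] or pos != len(blob):
        raise ValueError("unexpected key length or trailing bytes")
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return fp, " ".join(fields[idx + 2:])

def make_line(raw_key, comment):
    """Build a public key line from 32 raw bytes (constructed sample only)."""
    parts = (b"ssh-ed25519", raw_key)
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

SAMPLE_PUB = make_line(bytes(range(32)), "VPS server #101")  # constructed key

def installed(pub_line, authorized_keys_text):
    """True if the key in pub_line appears in the authorized_keys content."""
    want = fingerprint(pub_line)[0]
    for line in authorized_keys_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out entries do not grant access
        try:
            if fingerprint(line)[0] == want:
                return True
        except ValueError:
            continue  # blank line or not a valid ssh-ed25519 entry
    return False
```

With its trailing newline the constructed line is 97 bytes, the size of id_ed25519.pub in the listing above. On a real host, `ssh-keygen -lf ~/.ssh/authorized_keys` prints the fingerprints to compare against.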

On Windows

Open PuttyGen and load the private key that you downloaded from the VPS.  Make sure you select the ED25519 parameter if that is the key type that you generated!

Then hit Save Private Key and save the id_ed25519.ppk key file somewhere smart.

Open PuTTY and navigate to SSH > Auth in the left-hand menu, then browse to and load your private key file.

Go back to Session and save the session so that you don’t have to specify the key file over and over again like a robot.

If your session throws the error “Unable to load private key file .ppk (file format error)”, your version of PuTTY is probably too old and doesn’t support ED25519.

 

On Linux / OSX

Downloading your keys to your Linux workstation is pretty simple.

user@workstation:~$ scp user@192.168.1.101:~/.ssh/id_ed25519 ~/.ssh/
user@192.168.1.101's password:
id_ed25519 100% 411 15.4KB/s 00:00
user@workstation:~$ ssh root@192.168.1.101    #type your passphrase and boom you are in
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-38-generic x86_64)

References

  • https://www.openssh.com/history.html
  • https://www.ssh.com/ssh/
  • https://ed25519.cr.yp.to/ if you are wondering what ED25519 is

About the Author

Sean Richards, CISSP,  is a 20 year  Technology enthusiast and security practitioner.   Loves family, animals, BBQ, and bicycles.
https://www.linkedin.com/in/seangrichards/
https://github.com/seangrichards/
https://twitter.com/seangrichards
