Ubuntu public key authentication with SSH

February 7, 2015

Ubuntu Server

  1. login as normal user
  2. Generate public and private key pair

    # ssh-keygen -t rsa

    Generating public/private rsa key pair.

    Enter file in which to save the key (/home/ray/.ssh/id_rsa):

    Created directory ‘/home/ray/.ssh’.

    Enter passphrase (empty for no passphrase):

    Enter same passphrase again:

    Your identification has been saved in /home/ray/.ssh/id_rsa.

    Your public key has been saved in /home/ray/.ssh/id_rsa.pub.

    The key fingerprint is:

    99:99:99:99:99:99:99:99:99:99:99:99:99:99:99:99 ray@anpanman

    The key’s randomart image is:

    +–[ RSA 2048]—-+

    | |


  3. Rename public key

    # cd ~/.ssh
    # mv id_rsa.pub authorized_keys

  4. Copy private key to remote machine. Follow example move the private key to a usb device. Once the private key is copied it is strongly recommended to delete it from the ssh server machine.

    # mv ~/.ssh/id_rsa/id_rsa /media/usb

    This key is very important and must be secured. Anyone have a copy will be able to login your server.

  5. Edit ssh config file

    # sudo vi /etc/ssh/sshd_config

    Update the following lines

    PasswordAuthentication no
    AuthorizedKeysFile /home/%u/.ssh/authorized_keys
    PubkeyAuthentication yes
    RSAAuthentication yes

  6. Once private key is copied to remote machine, using Mac as example, copy the private key to Documents folder.

    Open a command prompt then create a script with command below

    # vi ~/Documents/ssh.sh

    Type the type below

    ssh -i ~/Documents/id_rsa user@ -p 22

    Change the IP address to your server IP. Also change the user name of course.

    Assume using standard SSH port 22.

  7. Try SSH with command below

    # chmod +x ~/Documents/ssh.sh
    # ~/Documents/ssh.sh

  8. If ssh success, stay connect to the server, restart SSH server to disable clear text password login.

    # sudo service restart ssh

Update 2015-02-24

I figured out that I failed to ssh sometime. The reason is that I configured ssh to read my public key in home directory. Home directory by default is encrypted when user is logged out. That mean ssh failed to read the public key at all. To solve this, move the public key location out of the home directory.

  1. nano /etc/ssh/sshd_config
  2. Locate this line

    AuthorizedKeysFile /home/%u/.ssh/authorized_keys

    Change it to

    AuthorizedKeysFile /etc/ssh/pub/%u/authorized_keys

  3. Move all user’s key under /etc/ssh/pub

    # sudo mkdir /etc/ssh/pub
    # sudo mkdir /etc/ssh/pub/ray
    # sudo mv /home/ray/.ssh/authorized_keys /etc/ssh/pub/ray
    # sudo chown ray:ray /etc/ssh/pub/ray
    # sudo chown ray:ray /etc/ssh/pub/ray/*
    # sudo chmod 700 /etc/ssh/pub/ray
    # sudo chmod 600 /etc/ssh/pub/ray/authorized_keys

    Change the value of ray to your actual user account. Repeat for all user accounts that required remote login.

  4. Restart ssh service

    # sudo service ssh restart

Leave a Reply

Your email address will not be published. Required fields are marked *