Ubuntu Server 188.8.131.52
- Log in as a normal user
- Generate public and private key pair
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ray/.ssh/id_rsa):
Created directory '/home/ray/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ray/.ssh/id_rsa.
Your public key has been saved in /home/ray/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
- Rename public key
# cd ~/.ssh
# mv id_rsa.pub authorized_keys
- Copy the private key to the remote machine. The following example moves the private key to a USB device. Once the private key is copied, it is strongly recommended to delete it from the SSH server machine.
# mv ~/.ssh/id_rsa /media/usb
This key is very important and must be secured. Anyone who has a copy will be able to log in to your server.
- Edit ssh config file
# sudo vi /etc/ssh/sshd_config
Update the following lines
- Once the private key is copied to the remote machine (using a Mac as the example), copy the private key to the Documents folder.
Open a command prompt, then create a script with the command below
# vi ~/Documents/ssh.sh
Type the line below
ssh -i ~/Documents/id_rsa firstname.lastname@example.org -p 22
Change the IP address to your server IP. Also change the user name of course.
This assumes the standard SSH port 22.
- Try SSH with the command below
# chmod +x ~/Documents/ssh.sh
- If SSH succeeds, stay connected to the server and restart the SSH server to disable clear-text password login.
# sudo service ssh restart
I figured out that I failed to ssh sometimes. The reason is that I configured ssh to read my public key in the home directory. The home directory by default is encrypted when the user is logged out. That means ssh failed to read the public key at all. To solve this, move the public key location out of the home directory.
- nano /etc/ssh/sshd_config
- Locate this line
Change it to
- Move all users' keys under /etc/ssh/pub
# sudo mkdir /etc/ssh/pub
# sudo mkdir /etc/ssh/pub/ray
# sudo mv /home/ray/.ssh/authorized_keys /etc/ssh/pub/ray
# sudo chown ray:ray /etc/ssh/pub/ray
# sudo chown ray:ray /etc/ssh/pub/ray/*
# sudo chmod 700 /etc/ssh/pub/ray
# sudo chmod 600 /etc/ssh/pub/ray/authorized_keys
Change the value of ray to your actual user account. Repeat for all user accounts that require remote login.
- Restart ssh service
# sudo service ssh restart
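To confirm the layout above before relying on it, the following added example (not part of the original post) checks one per-user key directory against the owner and modes set in the steps above, and flags a private key that ended up in authorized_keys by mistake. The function names audit_keydir and expect_stat are hypothetical, and GNU stat as shipped on Ubuntu is assumed.

```shell
#!/bin/sh
# Audit a per-user key directory laid out as on this page, e.g. /etc/ssh/pub/ray.
# Hypothetical helper names; uses GNU stat (-c), as shipped on Ubuntu.

# expect_stat PATH FORMAT WANT LABEL: compare one stat field, report a mismatch.
expect_stat() {
    got=$(stat -c "$2" "$1") || return 1
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1: $4 is $got, expected $3"
    return 1
}

# audit_keydir DIR UID: print findings, return how many there were (0 = clean).
audit_keydir() {
    dir=$1; uid=$2; file=$dir/authorized_keys; bad=0
    [ -d "$dir" ]  || { echo "FAIL $dir: not a directory"; return 1; }
    [ -f "$file" ] || { echo "FAIL $file: missing"; return 1; }

    # Modes and owner used in the steps above: 700 on the directory,
    # 600 on authorized_keys, both owned by the login user.
    expect_stat "$dir"  %a 700    mode  || bad=$((bad + 1))
    expect_stat "$file" %a 600    mode  || bad=$((bad + 1))
    expect_stat "$dir"  %u "$uid" owner || bad=$((bad + 1))
    expect_stat "$file" %u "$uid" owner || bad=$((bad + 1))

    # The public key is renamed by hand in this procedure; flag the file
    # if the private half was put here instead.
    if grep -q 'PRIVATE KEY-----' "$file"; then
        echo "FAIL $file: contains a private key"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Example call on the server (run with sudo so the directory is readable):
#   audit_keydir /etc/ssh/pub/ray "$(id -u ray)"
```

Run it once per account while the existing SSH session is still open, so a failed check can be fixed before the next login attempt.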