SSH Key Authentication Ubuntu 20.04

Oct 31, 2021 · 2 mins read
In the video below, we show how to create and authorize SSH ed25519 keys to log in to a Linux server, using Ubuntu Server 20.04 as the example.


SSH keys are a more secure method of authentication than a username and password, and ed25519 is a more modern and less intensive algorithm than RSA.

We show how to generate an SSH key pair, how to upload the public key to the server, how to disable password authentication on the server to enforce SSH key authentication, and how to create a config file to simplify logins when, for instance, you have multiple keys.

Useful links:
https://www.ssh.com/academy/ssh/config

Steps taken:

  1. Generate SSH key pair on workstation

        cd ~/.ssh
        ssh-keygen -t ed25519 -f test-key -C "test@test.com"

    Where ed25519 is the key type (algorithm) we’ll use, test-key is the file name (identity) we’ll give this key pair and test@test.com is a comment we’ll attach to it.

  2. Distribute and authorize key for authentication

        ssh-copy-id -i test-key test@192.168.1.20

    Where test-key is the identity of the key we want to authorize for the user account test on the server 192.168.1.20.

  3. Disable password authentication on server

        sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
        sudo nano /etc/ssh/sshd_config

    Look for the line

        PasswordAuthentication yes

    and change it to

        PasswordAuthentication no

    NOTE: Ubuntu servers have one line with this commented out and another which is active. We want to change the active one.

    Restart SSH:

        sudo systemctl restart sshd

    Then check the service is still working:

        sudo systemctl status sshd

  4. Use the SSH config file on the workstation to manage multiple keys

        touch config
        chmod 600 config
        nano config

    With contents such as:

        Host *
            IdentitiesOnly yes

        Host server1
            HostName 192.168.1.20
            User test
            IdentityFile "/home/fred/.ssh/test-key"

        Host server2
            HostName server2.test.com
            User prod
            IdentityFile "/home/fred/.ssh/prod-key"

    NOTE: In the above example, fred is the user account we’re logged into on the workstation where SSH is being used, but we log in to different servers using different user names and different keys.

    These are just examples of what is possible, though, as it is not recommended to leave usernames in the config file in case somebody gains access to it.
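
The note in step 3 describes the easiest way to get this procedure wrong: editing the commented-out `PasswordAuthentication` line while the active one still says `yes`. The script below is an added example, not part of the original post; it reads one sshd_config-style file and reports the value that is actually in force, plus any `Match` block that turns passwords back on. The function names `pa_scan` and `audit_password_auth` and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for PasswordAuthentication.
# sshd keywords are case-insensitive and the first active value wins;
# lines starting with "#" are ignored. Include directives are NOT followed.

# pa_scan MODE FILE
#   global: print the value taken outside Match blocks ("yes" if never set,
#           which is sshd's default)
#   match : print LINE:VALUE for every occurrence inside a Match block
pa_scan() {
    awk -v mode="$1" '
        { sub(/^[ \t]+/, "") }               # strip leading whitespace
        /^#/ || /^$/ { next }                # commented-out or empty line
        {
            split($0, f, /[ \t=]+/)          # "Keyword value" or "Keyword=value"
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") { in_match = 1; next }
            if (key != "passwordauthentication") next
            if (in_match) { if (mode == "match") print NR ":" val; next }
            if (mode == "global" && !seen) { print val; seen = 1 }
        }
        END { if (mode == "global" && !seen) print "yes" }
    ' "$2"
}

# audit_password_auth FILE: succeed only if passwords are off globally and
# no Match block switches them back on for a subset of users or hosts.
audit_password_auth() {
    pa_global=$(pa_scan global "$1")
    pa_overrides=$(pa_scan match "$1" | grep ':yes$' || true)
    echo "global PasswordAuthentication: $pa_global"
    if [ -n "$pa_overrides" ]; then
        echo "re-enabled in Match block at line:value $pa_overrides"
    fi
    [ "$pa_global" = "no" ] && [ -z "$pa_overrides" ]
}

# Constructed sample: the commented-out line was edited, the active one was not.
pa_sample=$(mktemp)
cat > "$pa_sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
EOF
if audit_password_auth "$pa_sample"; then
    echo "OK: key-only logins"
else
    echo "FAIL: password logins are still accepted"
fi
rm -f "$pa_sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the restart and `sudo sshd -T` prints the settings sshd will actually use, including anything pulled in through Include. Keep the current SSH session open until a key-based login from a second terminal succeeds.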
