How to Set Up SSH Keys on Ubuntu 24.04


A normal SSH connection is authenticated with a user password, which is considered the least secure way to communicate. However, SSH lets you make it more secure by using SSH keys. There are two SSH keys, i.e., public and private.

Both keys are generated on the client side, and the public key is then copied to the server to authenticate connections coming from the client that holds the private key. Overall, setting up SSH keys is a dedicated process, which we will demonstrate on Ubuntu 24.04 today.

How Do SSH Keys (Public and Private) Work on Ubuntu/Linux

SSH keys are generated in pairs, i.e., a public key and a private key. The private key resides on the client side, whereas the public key is copied to the server. Whenever the client requests a connection, the server sends a test to the client (based on the public key shared by that client). If the client successfully decrypts the message with its private key, the server allows it to connect; otherwise, the connection fails.

How to Set Up SSH Keys on Ubuntu 24.04

Setting up SSH keys includes generating the SSH key pair on the client side, then copying the public key to the server that your client will connect to, and finally establishing a connection using the SSH key pair.

The practical demonstration of these steps is as follows:

Step 1: Generate an SSH Key Pair

The ssh-keygen command generates the SSH key pair. Make sure to run it on the client side:

ssh-keygen

The keys are generated in the “.ssh” directory by default, which can be verified using the ls command. The names of the keys depend on the cryptographic algorithm used, e.g., when the ED25519 algorithm is used, the names of the keys contain “ed25519”.

By default, an ED25519-based key is generated. However, you can specify a different algorithm and number of bits using the command syntax:

ssh-keygen -t <Algorithm> -b <Encryption-Bits>

The value of “<Algorithm>” could be “dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa”, and it is recommended to generate the SSH keys with the default number of bits. For instance, the command below generates the SSH key pair with the RSA algorithm and the default bits:

ssh-keygen -t rsa

Step 2: Copy the Public Key to the Server

Now, it’s time to copy the public key to the server that you need to connect to via the SSH keys. Here’s the syntax, i.e., the ssh-copy-id command with the username and the IP address (or hostname) of the server where the key will be copied:

ssh-copy-id username@ip-addr/hostname

There are other variants of copying the public key, which are discussed here:

  • Copy a Specific Public Key

By default, all the public keys stored at the default location (~/.ssh/<key>.pub) of the client are copied to the server. However, you may have to copy one public key among the multiple keys available. In such a case, you have to define the exact path/name of the key in the following syntax:

ssh-copy-id -i <Path-to-Public-Key> username@ip-addr/hostname

Alternative Methods to Copy the SSH Keys

Apart from this ssh-copy-id tool, you can use the following commands/methods to copy the public key to the server:

  • The scp

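SCP is also an SSH-based copy protocol that lets you copy files from the client to the server. Because the destination here is the “authorized_keys” file itself, this command replaces any keys already stored in that file on the server. The syntax of the command is: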

sudo scp <path-of-pub-key> <username@Hostname/IPAddress>:~/.ssh/authorized_keys

  • Cat Command and Operators

The cat command reads the content of the public key, an SSH-based connection is established, and the content is appended to the “authorized_keys” file (on the server side).

Here’s the syntax and the implementation of it:

cat <path-to-public-key> | ssh username@hostname "cat >> ~/.ssh/authorized_keys"

You can use any of the above-listed methods to copy the SSH Public key(s) to the server.
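
The scp method above replaces the server's authorized_keys file and the cat method appends without checking, so the following added example (not part of the original article) shows a server-side shell function that appends a public key only when it is missing and sets the permissions sshd expects. The function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey <pubkey-file> [home-dir]  (hypothetical helper, run on the server)
install_pubkey() {
    pub="$1"
    home="${2:-$HOME}"
    auth="$home/.ssh/authorized_keys"

    # A .pub file holds one key: "<type> <base64-blob> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" 2>/dev/null | head -n 1)
    case "$key" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*@openssh.com\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$blob" ] || return 1

    # sshd's default StrictModes refuses keys in group/world-writable paths.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on the base64 blob so a different comment or an options prefix
    # on an existing line does not lead to a duplicate entry.
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"
    else
        # Guard against a last line without a trailing newline.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Demo in a scratch directory with a constructed key (not a real key).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly alice@client' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home"   # first run appends the key
install_pubkey "$demo/id.pub" "$demo/home"   # second run changes nothing
```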

Step 3: Establish the SSH Connection

Once the key(s) are copied, you can now connect to the server using the public/private key-based authentication. Here, you have two possibilities to connect to the server that are listed below:

  • With Default Key Pairs

ssh <user-name>@<host-name>

  • With a Specific Private Key

When you have copied multiple keys and want to connect via one specific private key, you can specify that key in the ssh command as follows:

ssh -i "<Private-Key-Address>" <user-name>@<host-name>

Right after running this command, you will be prompted to enter the passphrase you set at the time of generating the key pair.

And you are now logged into the server.

That’s how you can set up SSH keys to create a secure SSH connection.

Note: If you have changed the port, then you need to mention the port number with the “-p” flag as follows:

ssh -p <Port-Number> <user-name>@<IP-Add>

Tip: Disable the Password Login | Configure the SSH Server

Once you have set up the SSH keys, it is recommended to turn off the password-based authentication on the SSH server end. After that, the SSH key pair would be the main authentication barrier for any incoming requests.

To disable password-based authentication or make any other configuration change, you need to edit the “/etc/ssh/sshd_config” file on the server side. Find the “PasswordAuthentication” parameter, uncomment this line, and set its value to “no”.

Remember to restart SSH after each change.

Similarly, you can change the port of the SSH logins. By default, it listens on Port 22. However, you can change the default port inside the “/etc/ssh/sshd_config” file.
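
Uncommenting the line in /etc/ssh/sshd_config is not always enough: sshd keeps the first value it reads for each keyword, and Ubuntu's stock sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, so a drop-in file can win over your edit. The following added example (not from the original article) resolves the effective value from files listed in parse order; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# effective_sshd_option <keyword> <file>...   (hypothetical helper)
# Files must be passed in the order sshd reads them: Include'd drop-ins
# come at the position of the Include line, sorted by name.
effective_sshd_option() {
    kw="$1"; shift
    awk -v kw="$kw" '
        FNR == 1         { in_match = 0 }   # a Match block ends with its file
        /^[ \t]*(#|$)/   { next }           # commented-out lines do not count
                         { k = tolower($1) }
        k == "match"     { in_match = 1; next }
        in_match         { next }           # conditional settings are skipped
        k == tolower(kw) { print tolower($2); found = 1; exit }
        END              { if (!found) print "unset" }
    ' "$@"
}

# Returns 0 only when password logins are effectively off.
# An unset PasswordAuthentication falls back to the built-in default "yes".
password_login_disabled() {
    [ "$(effective_sshd_option PasswordAuthentication "$@")" = "no" ]
}

# Constructed sample files (not taken from a real server).
d=$(mktemp -d)
mkdir "$d/sshd_config.d"
cat > "$d/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
#PasswordAuthentication yes
PasswordAuthentication no
EOF
printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-example.conf"

# The drop-in is read first because the Include line precedes the setting,
# so the "no" in the main file never takes effect.
effective_sshd_option PasswordAuthentication \
    "$d/sshd_config.d/50-example.conf" "$d/sshd_config"
```

On the server itself, `sudo sshd -t` checks the configuration for syntax errors before you restart, and `sudo sshd -T` prints the effective settings that sshd will use.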

That’s all about setting up SSH keys on Ubuntu 24.04.

Bottom Line

SSH key-based authentication is one of the secure ways to connect over the SSH protocol. SSH keys work in pairs, i.e., private and public. If the private key of the client is able to decrypt the encrypted message of the server, then the connection is established successfully.

You have learned the setup and basic understanding of the SSH keys on Ubuntu 24.04.
