SSH (Secure Shell) is a standard network tool used to access PCs and other systems remotely in a secure way. Here we show how to enable SSH on Ubuntu and how to use it with authentication keys.
What is SSH?
SSH, or Secure Shell, refers to both a network protocol and the software required to use it. It works on a dedicated port, number 22. Hence, to use SSH on Ubuntu or any other system, port 22 must be allowed in the system firewall.
The idea behind SSH is to establish a secure connection with another computer on the network. However, the remote computer must have a running SSH server; otherwise, we won’t be able to connect to it with the ssh command or an SSH client from our local computer.
As soon as the connection is established, you are prompted for the password of the remote user in order to log in, and the whole session is encrypted. The result of a connection is always the same: you end up at a command line on the remote computer, logged in as one of its users.
Furthermore, we don’t need a PC to connect; even a smartphone can be used. SSH also allows controlling computers without a display, such as NAS boxes, routers, and more…
This network tool is not limited to Ubuntu; we can use it on macOS, Windows, Raspberry Pi, and others, even on smartphones…
Install and Enable OpenSSH Server on Ubuntu 20.04
Most of the time Ubuntu comes with SSH by default: the OpenSSH server and client are already installed. However, if you don’t have them, follow the steps given below. This tutorial is applicable to all active Ubuntu systems such as Ubuntu 18.04/19.04/21.04.
- Run the system update command:
sudo apt-get update
- Install the OpenSSH server on Ubuntu 20.04 LTS:
sudo apt-get install openssh-server openssh-client
- Enable and start the SSH server service on Ubuntu:
sudo systemctl enable --now ssh
- To check the status, run:
systemctl status ssh
Once the installation is completed, we can test it by connecting to our Ubuntu 20.04 LTS system remotely via SSH from the local computer, which can also be a virtual machine. Of course, you have to make sure that your local system can reach the remote system you want to connect to over the network.
How to Connect remote Ubuntu system via SSH
Let’s see how to use your local system’s command prompt or terminal to connect to the remote Ubuntu system using SSH.
Here we are assuming that the remote Ubuntu system has the IP address 192.168.45.23 and the username is h2s. To establish the connection via SSH, follow the steps below:
- Open a terminal on your Linux system or a Command Prompt on your Windows system.
- Use the command syntax “ssh username@ip-address”. For example: ssh h2s@192.168.45.23.
- Since we have not connected before to the Ubuntu server where we installed the SSH server, the computers do not “know” each other yet.
- Therefore, when we connect to the server for the first time, it will ask whether you really want to connect to the computer and whether you trust the displayed signature (the server's host key fingerprint). Simply confirm by typing “yes”.
- After that, you will be asked for the password of the remote user named in the command. Enter the password and you will get the command line of the remote server to issue commands remotely. To leave it again, type “exit”.
Key authentication for more security
Instead of entering the password of the remote Ubuntu server, we can use a more secure method: a key. With it we don’t need to enter a plain password, which prevents our password from getting leaked or copied in case we are using some unknown computer to connect to the remote server.
The principle of using a key is actually very simple. We just need to create a key pair on the client machine, based on the concept of public and private keys. So, basically, we will create two keys: the public key, which is used to encrypt plain text into ciphertext, and the private key, which is used by the receiver to decrypt the ciphertext and read the message.
In simple words, the private key is like a Door key that must remain secret as you can use it to unlock the door to the remote computer. The public key is basically the keyhole that you build into the door of the server. Hence, the concept is similar to real doors present in our houses, everyone can see the Door’s keyhole but the Key to open is only with the Owner of the house.
Generate Public and Private Keys for SSH
- Open command line- Terminal or Prompt on your local system.
- Enter SSH key generator command that will generate the key
- Hit the Enter key.
- (optional) Then you can enter a password in order to add an additional barrier when establishing the connection. Otherwise, simply press the Enter key twice if you don’t want the system to ask for an additional password.
- Ultimately, two files are created in the hidden directory “.ssh” under your user directory: “id_rsa” and “id_rsa.pub”. The “rsa” in the file name stands for the cryptography used, but you don’t have to worry about it. The file extension “pub” stands for “Public”, so it is the public key. Whereas the file without any extension is your private key.
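The key generation step above in non-interactive form, as an added example that is not taken from the original page. It assumes OpenSSH's ssh-keygen is installed; the function names, the scratch directory and the key comment are made up for illustration.

```shell
#!/bin/sh
# make_keypair DIR [PASSPHRASE]   (hypothetical helper)
# Creates DIR/id_rsa and DIR/id_rsa.pub and refuses to overwrite an existing key.
make_keypair() {
    dir=$1
    passphrase=${2:-}
    key="$dir/id_rsa"

    if [ -e "$key" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # -t rsa: key type matching the id_rsa file names used on this page
    # -b: key size in bits, -N: passphrase (empty string means none)
    # -f: output file, -C: comment stored in the public key, -q: quiet
    ssh-keygen -q -t rsa -b 3072 -N "$passphrase" -f "$key" -C "example-key" || return 1

    # Make the modes explicit: private key for the owner only.
    chmod 600 "$key"
    chmod 644 "$key.pub"
}

# key_fingerprint PUBKEY_FILE
# Prints the SHA256 fingerprint, a short value for checking which key a file holds.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# Demo in a scratch directory, so no real key under ~/.ssh is touched.
if command -v ssh-keygen >/dev/null 2>&1; then
    demo_dir=$(mktemp -d)
    make_keypair "$demo_dir/.ssh" && key_fingerprint "$demo_dir/.ssh/id_rsa.pub"
    rm -rf "$demo_dir"
fi
```
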
Go to the folder displayed on the command terminal to access the keys:
Copy Public key to Server
Now, to establish a connection using the key pair, copy your generated public key to the server, which is Ubuntu here.
We don’t need to visit the server manually; we can use SSH for copying the key as well.
Use the following command to copy the SSH public key to the server:
ssh-copy-id -i ~/.ssh/id_rsa.pub username@ip-address
Note: Replace the username and IP address with the actual values of your remote server.
On Windows:
scp C:\Users\windows-username\.ssh\id_rsa.pub username@ip-address:~/.ssh/authorized_keys
Note: Replace windows-username with the current user under which the public key has been saved, whereas username@ip-address needs the remote Linux user and IP address. Be aware that this command replaces any authorized_keys file that already exists on the server.
On macOS:
brew install ssh-copy-id
ssh-copy-id -i ~/.ssh/id_rsa.pub username@ip-address
The “-i” indicates that the identity is to be copied, which means the specified public key. Copying is of course done via SSH, hence we need the password of the remote machine once here.
Once the key has been copied, you can use your private key to connect to the remote system without entering any kind of password. However, make sure your private key is in a safe location where it can be accessed by you only.
To use the private key, here is the command syntax:
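Copying a file over authorized_keys with scp replaces every key already stored there. The following added example (not from the original page) is a server-side alternative: it appends an uploaded public key only if it is missing and sets the permissions sshd expects. The function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, run on the server)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"

    # Accept only a "<type> <base64> [comment]" line, so a private key uploaded
    # by mistake is rejected. tr strips the CR of files saved on Windows.
    key_line=$(tr -d '\r' < "$pubkey_file" |
        grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' |
        head -n 1)
    if [ -z "$key_line" ]; then
        echo "not an OpenSSH public key: $pubkey_file" >&2
        return 1
    fi

    # With StrictModes (the sshd default) keys are ignored when these paths
    # are writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on "<type> <base64>" so a changed comment adds no duplicate.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if grep -qF -- "$key_id" "$auth"; then
        return 0
    fi

    # Terminate an unfinished last line before appending.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    printf '%s\n' "$key_line" >> "$auth"
}

# Demo on a scratch directory with a constructed (not real) key.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed h2s@laptop' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run is a no-op
cat "$demo_dir/.ssh/authorized_keys"
rm -rf "$demo_dir"
```
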
ssh -i "path-to-private-key" username@ip-address
path-to-private-key: Replace it with the path where you have saved the private key you generated.
The username and IP address are those of the remote server.
In this way, we can use authentication keys to get a passwordless connection. Keep one thing in mind: it is only possible if you have your private key file with you. Learn more about SSH at the official website.