SSH (Secure Shell) enables users to perform certain tasks, like file transfer, port forwarding, tunnel creation, configuring remote servers, etc. remotely over a secure connection. SSH client is pre-installed in Linux systems. SSH offers two password authentication methods, password authentication and public key-based authentication (SSH Keys). Among these techniques, public key-based authentication enables a higher level of security as compared to longer passwords as it is backed by ciphers.
This article will demonstrate how to generate an SSH key with ssh-keygen in Linux/Ubuntu 22.04 LTS. This article will discuss:
- How to Generate/Create SSH Key in Linux/Ubuntu?
- How to Generate/Create SSH Keys of Different Types and Sizes?
- How to Log in/Connect to a Remote Server via an SSH Key?
- How to Disable SSH Password Authentication?
How to Generate/Create SSH Key with ssh-keygen in Linux/Ubuntu?
The following steps are performed in order to generate an SSH keypair:
Step 1: Verify if the SSH Key Pair Exists
Before starting the SSH key generation process, a user can check if any SSH keys already exist in the system as the keys are overwritten if SSH keys are already present in the system. A user can run the following command to verify if SSH keys exist in the system:
It can be observed from the above image, that there is no SSH key in the system.
Step 2: Generation of SSH Key Pair
SSH key pair is generated by executing the following command
The user is then prompted to enter the file location to save the keys and a passphrase, after which an SSH keypair is generated with default parameters, i.e., 3072 bits with RSA type. The keys are saved in the /home/linuxuser/.ssh directory by default.
Step 3: Verification of SSH Key Generation
To verify that keys are generated, the following command is executed:
From the above image, it can be verified that the ssh key is generated. The generated keys can be viewed by navigating to the “/home/linuxuser/.ssh” directory using the cd command:
From the above image, it can be seen that public and private keys are generated successfully, i.e., id_rsa.pub and id_rsa. These keys can be viewed via the cat command.
To view the public key run the following command:
Similarly, the private key can be viewed by executing the following command:
How to Generate/Create SSH Key of Different Types and Sizes?
ssh-keygen generates a key of RSA type and 3072 bits by default, but a user can modify these parameters by using type (-t) and size (-b) flags followed by the ssh-keygen command. Three types of keys can be generated:
- RSA (Rivest Shamir Adleman): RSA encrypts and decrypts using separate but mathematical-related keys. It uses key sizes of 2048 and 3072 bits.
- DSA (Digital Signature Algorithm): DSA is faster than RSA. DSA mostly uses a key size of 1024 bits.
- ECDSA (Elliptic Curves Digital Signature Algorithm): ECDSA is more secure and faster than DSA and RSA. Additionally, ECDSA utilizes lower bandwidth and achieves a higher level of security by using a smaller key size i.e., 256, 384, and 521 bits.
The following command is used to generate a 384-bit key of type ECDSA:
Where:
- t: type, for example, RSA, DSA, ECDSA.
- b: bits (256-bit, 384-bit, or 521-bit)
The user is then prompted to enter the file location to save the keys and a passphrase after which an SSH key pair is then generated of type ECDSA and size 384.
To verify that keys are generated, the following command is executed:
From the above image, it can be verified that the SSH key: id_ecdsa.pub is generated.
How to Log in to a Remote Server via SSH Key?
A user can log in to a remote server with the generated SSH keys by the following steps:
Step 1: Copy the Public Key to the Ubuntu Remote Server.
OpenSSH is a connectivity tool that enables secure encryption for file transfer and remote log-in. The following command is used to install Open SSH
Press Y to continue with the installation. It will take a few seconds for the Open SSH installation to be completed.
The status of SSH services can be checked by:
From the above image, it can be seen that the ssh service is active. Next, the earlier generated public key is copied to the remote server by executing the following command:
Where:
- ssh-copy-id: command line tool to copy SSH key to the server.
- linuxuser: User Name.
- Ubuntu: Remote Server IP or Hostname.
From the above command, it can be verified that the public key is added to the remote server.
Step 2: Log-In/Connect to a Remote Server with SSH Key
A user can log in to a remote server via ssh command by executing the following command:
Where:
- linuxuser: User Name.
- ubuntu: Remote Server IP or Hostname.
The user is then prompted to enter the passphrase for the private key that was selected at the time of SSH key generation:
Enter the passphrase and press Unlock to log in to a remote server:
From the above image, it can be seen that the login to a remote server is successful.
How to Disable SSH Password Authentication?
An extra layer of security can be enabled by disabling the SSH password authentication. In order to disable SSH password authentication, a user can follow the below steps:
- Log in to the remote server with sudo privileges and modify the SSH configuration file, i.e., sshd_config by executing the following command:
- Uncomment the line containing “passwordauthentication yes”.
- Replace yes to no as shown below:
- Save and exit the file by pressing [Ctrl+O] and [Ctrl+X].
- Restart ssh by executing the following command:
- Verify the status of SSH to ensure that SSH is active and running.
The above image verifies that the SSH password authentication is disabled on the server.
Conclusion
An SSH key pair is generated by the “ssh-keygen” command. Additionally, the key type and size can be selected by “-t” and “-b” flags respectively. This article demonstrated how to generate an SSH key with ssh-keygen in Linux/Ubuntu 22.04 LTS. Additionally, logging in on a Ubuntu remote server with SSH public key and disabling password-based authentication is also discussed in this article.