Tutorial | Generate RSA Keys and use SSH

The SSH (Secure Shell) protocol enables secure connections to remote systems via symmetric and asymmetric encryption. It does this with the use of ‘keys’, more specifically ‘public’ keys and ‘private’ keys. As the key names imply, public keys are accessible to anyone, and private keys are supposed to be kept secret. In other words, a private key should only be known to the machine it is on and NOT to anyone or anything else.

When a user (or any client really) connects to a server over port 22 for the first time using ssh, the server needs a way to authenticate the user. To connect, just type in:

ssh user@<server address>

Then, assuming everything is working as intended, proceed to log in remotely with a normal user name and password. In doing this, however, you are in many ways defeating the purpose of using ssh. Imagine you are managing 50+ servers on a day-to-day basis: are you really going to manage that many passwords? No, you can easily (and more securely) add your machine's public key to the authorized_keys file on the server.

In my case, I will be using Ubuntu 18 desktop as my client, and attempting an ssh connection to an Ubuntu 18 server.

1.) Make sure you are running the correct software:

For the Ubuntu server I am using OpenSSH, which was installed by default.

# Install it if you do not already have it:
$ sudo apt-get install openssh-server
# Enable it:
$ sudo systemctl enable ssh
# Start it:
$ sudo systemctl start ssh
# Check its status: 
$ sudo systemctl status ssh

2.) Make sure your firewall is allowing ssh on port 22:

I am using Uncomplicated Firewall (UFW), which also came by default on my Ubuntu server. If you do not have a firewall and do not want one for some reason, then skip this step.

# Install it if you do not already have it:
$ sudo apt-get install ufw
# Enable it:
$ sudo ufw enable
# Check its status: 
$ sudo ufw status
# Allow ssh connections: 
$ sudo ufw allow ssh

3.) Generate local key pair: (On the client)

$ ssh-keygen -t rsa

There should now be two new files in the ~/.ssh directory: an id_rsa file (the private key) and an id_rsa.pub file (the public key).

4.) Copy the public key up to the server: (DO NOT MOVE THE PRIVATE KEY)

NOTE: In many cases you do not already have access to the machine and cannot add your own public key. Normally you would then have to ask the administrator of the system to add your public key.

$ ssh-copy-id user@<your-server-address>
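
What step 4 amounts to on the server side, for the case in the NOTE where an administrator adds the key for you. This is an added example, not part of the original tutorial; the function name add_pubkey and its arguments are hypothetical, and the sample key is constructed.

```bash
#!/usr/bin/env bash
# add_pubkey PUBKEY_FILE TARGET_HOME
# Hypothetical helper: installs one public key the way an administrator
# would for a user who cannot run ssh-copy-id themselves.
add_pubkey() {
    local pub="$1" home="$2" line
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Step 4's warning, enforced: never accept a private key file.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pub"; then
        echo "refusing: $pub contains a private key" >&2
        return 2
    fi

    # Require exactly one non-blank line: "<key type> <base64> [comment]".
    line=$(grep -v '^[[:space:]]*$' "$pub" || true)
    if [ "$(printf '%s\n' "$line" | wc -l)" -ne 1 ] ||
       ! printf '%s\n' "$line" | grep -Eq \
         '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    then
        echo "refusing: $pub is not a single OpenSSH public key line" >&2
        return 3
    fi

    # sshd's StrictModes (on by default) ignores authorized_keys when the
    # file or its directory is writable by other users.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: append only when this exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo in a scratch directory; the key below is constructed, not a real key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 user@client\n' > "$demo/id_rsa.pub"
add_pubkey "$demo/id_rsa.pub" "$demo/home"
add_pubkey "$demo/id_rsa.pub" "$demo/home"     # second run adds nothing
wc -l < "$demo/home/.ssh/authorized_keys"
```

When this is run as root for another account, the .ssh directory and authorized_keys file should also be chowned to that user so the account can read them.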

Useful Links:

SSH Website: https://www.ssh.com/ssh/