Tag Archives: SSL

Generate a ssh key and disable password authentication on Ubuntu server

Update:There is now an updated version of this guide for Ubuntu 12.04: Generate a ssh key and disable password authentication on the Ubuntu 12.04 (Precise Pangolin) server

1. Generate the ssh key pair on the desktop computer:
ssh-keygen

2. Copy the public key to the server:
scp ~/.ssh/id_rsa.pub user@10.10.10.1:

3. Connect to the server:
ssh user@10.10.10.1

4. Append the public key to authorized_keys and remove the uploaded copy:
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub

5. Edit the ssh server configuration to make sure that public key authentication is enabled (it should be enabled by default):
sudo nano /etc/ssh/sshd_config

5.1 These entries must be set to yes:
RSAAuthentication yes
PubkeyAuthentication yes

6. Reload the configuration:
sudo /etc/init.d/ssh reload

7. Disconnect from the server:
exit

8. Try connecting without the need to give the password to the ssh-client:
ssh user@10.10.10.1

You might need to give a password now to access your private key file, but you should not need to give the password to the ssh program.

9. Disable password authentication:
sudo nano /etc/ssh/sshd_config

9.1 The following settings should be set to no:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

9.2. Reload the configuration:
sudo /etc/init.d/ssh reload

10. Test that password authentication really is disabled:
10.1 Disconnect from the server:
exit

10.2 Rename your private key file:
mv ~/.ssh/id_rsa ~/.ssh/id_rsa.backup

10.3 Try to reconnect to the server:
ssh user@10.10.10.1

This should produce a permission denied message: “Permission denied (publickey).”

10.4 Restore your private key file:
mv ~/.ssh/id_rsa.backup ~/.ssh/id_rsa

Done 🙂


Referens

Debuntu

Advertisements