Notes
The purpose of this guide is to perform all the tasks necessary to install SSH on the computer that you want to manage.
Install
sudo apt updatesudo apt install openssh-server
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:2v8uIOT+JCKqzJQx0mqn1I5bLVG70EYyBGCyUC+OiAc root@dwdu (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:W17256FYfgdMxkWkpj7hC/lWpPsaze25xE/xe+eWg7s root@dwdu (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:qusRsu8xYJA+Nm4lJM82nZIyVUw/xWo+YZdx7vd0xBE root@dwdu (ED25519)
- Check for existing ssh keys
ls -al ~/.ssh/id_*.pub
- If no keys are found, or you want to create a new key
ssh-keygen -t rsa -b 4096 -C "email@addr.ess
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Created directory '/home/username/.ssh'.
Enter passphrase (empty for no passphrase): ******
Enter same passphrase again: ******
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:A7By6lZ9xFk9rRHBi5ABVlDYKjc8OPLadqTxNfGH0U0 email@addr.ess
The key's randomart image is:
+---[RSA 4096]----+
| . +B+=.oo+ oE|
| +o.Oo= * o o|
| . o .=++ + B o |
| + . oo o = o .|
| . . .oS= . ... |
| . . ..+.o |
| o . . |
| . T. |
| |
+----[SHA256]-----+
- Verify public and private keys were made
ls ~/.ssh/id_* - Should be two id_rsa (private key you will use to log in remotely) and id_rsa.pub (public key to identify private key to authorize loggin in)
- Now add your public key to the list of authorized keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
sudo chmod 600 ~/.ssh/authorized_keys
- Try to log in
ssh -i /path/to/id_rsa username@computername - Will ask you for your username’s password
- If you are able to log in this way, you can now disable password authentication
- You will need to change three lines in one file and restart ssh in order to do this
sudo nano /etc/ssh/sshd_config
Then
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Finally
sudo service ssh restart
11. Try to log in with password only ssh username@computername
12. You should get username@computername: Permission denied (publickey).
13. Now try to log in with private key ssh -i ~/.ssh/id_rsa username@computername
14. If you get the same error username@computername: Permission denied (publickey). you didn’t do step 07
15. You’re in!
Additional SSH tips
To log in to a non-standard ssh port (not 22), add -p ??? where ??? is the port you are using ssh -i ~/.ssh/id_rsa -p 443 username@computername
Other
Rememer to add access to the OpenSSH server by adding an exception to your firewall (if you use ufw: sudo ufw allow ssh&&sudo ufw reload) and on your router port forward port 22 to your server!
The main photo and basic how to information was acquired, in part, and simplified from Linuxize at 10:04 AM on October 16, 2019.