
Generate SSH Key

Generating SSH keys can be the first step towards faster logins and improved productivity. Key-based logins also help to improve security.

Generating RSA Keys - Basic Setup

Generate Key Pair

Create the .ssh directory inside your home directory if it doesn’t exist already. Make sure the permissions are set correctly. Then, run the ssh-keygen command to generate an RSA public and private key pair.


mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa

Your public key will be here:
.ssh/id_rsa.pub

Your private key will be here:
.ssh/id_rsa

Stronger Key - optional

If you want a stronger key you can specify the number of bits. The default is 2048. You can double that with the following command. Instead of using the ssh-keygen command shown above, use this version of the command with the ‘-b 4096’ option.


ssh-keygen -t rsa -b 4096

Transfer Client Key to Host


ssh-copy-id <username>@<host>

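ssh-copy-id -p <port_nr> <username>@<host>

ssh-copy-id works if password authentication is enabled on the host, but not if you are already using a key and password authentication is disabled. In that case, get id_rsa.pub onto the host some other way and append it to authorized_keys by hand, working in ~/.ssh on the host: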


cp authorized_keys authorized_keys_Backup 
cat id_rsa.pub >> authorized_keys
chmod 600 ~/.ssh/authorized_keys

Disable Password Authentication

Edit /etc/ssh/sshd_config on the host and set:


PasswordAuthentication no

Make sure these are set (they should be already):


PubkeyAuthentication yes
ChallengeResponseAuthentication no

Reload sshd after making changes:


sudo systemctl reload sshd

Encrypted Home Directory

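With an encrypted home directory, sshd cannot read ~/.ssh/authorized_keys until you have logged in, so the authorized keys are kept under /etc/ssh/ instead. Set this in /etc/ssh/sshd_config (%u expands to the username), then restart the service: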


AuthorizedKeysFile    /etc/ssh/%u/authorized_keys

sudo service ssh restart

Stuff That Can Go Wrong

Disabled in Config:

Should be already set on default Ubuntu install:

/etc/ssh/sshd_config


PubkeyAuthentication yes
RSAAuthentication yes

Check status:


sudo service ssh restart

Permissions:


chmod go-w ~/
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
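
To see which of these paths actually needs fixing before changing anything, the following added example (not part of the original page) reports every path that is more open than the chmod commands above leave it. The function names are illustrative, and the id_rsa check assumes the default key name used earlier on this page.

```shell
#!/bin/sh
# Added example, not from the original page: report which paths are more
# open than the chmod commands in the "Permissions" step leave them.
# Usage after sourcing or pasting: check_ssh_perms "$HOME"

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# too_open PATH MASK: succeeds if PATH has any permission bit in octal MASK.
too_open() { [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]; }

# check_ssh_perms HOME_DIR: prints one line per finding and returns 0 only
# when every existing path is at least as tight as the chmod commands set it.
check_ssh_perms() {
    csp_home=$1
    csp_bad=0
    # path:mask pairs. 022 = group/other write (chmod go-w),
    # 077 = any group/other access (chmod 700 / chmod 600).
    for csp_item in \
        "$csp_home:022" \
        "$csp_home/.ssh:077" \
        "$csp_home/.ssh/authorized_keys:077" \
        "$csp_home/.ssh/id_rsa:077"
    do
        csp_path=${csp_item%:*}      # everything before the last colon
        csp_mask=${csp_item##*:}     # everything after the last colon
        # Missing paths are skipped: a server account may have no id_rsa,
        # a client account may have no authorized_keys.
        [ -e "$csp_path" ] || continue
        if too_open "$csp_path" "$csp_mask"; then
            echo "TOO OPEN $(mode_of "$csp_path") $csp_path"
            csp_bad=1
        fi
    done
    return "$csp_bad"
}
```
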

Client not picking up keys: If you see an error like this:

“Error: Agent admitted failure to sign using the key.”

It probably means that the client agent hasn’t yet picked up the key, even though it should have. Try this to make it pick up the key:


ssh-add

More Debugging: On the server, you can start the SSH daemon in debug mode to see output.


sudo /usr/sbin/sshd -d

On the client you can use the ‘-v’ or ‘-vv’ switch for more verbosity. This will show more information and hopefully give you more insight into what is going wrong.


ssh -v username@host
ssh -vv username@host