Configuring SSH in Ubuntu

SSH (Secure Shell) allows secure remote management of a computer over a protected connection. SSH encrypts all transferred files, including passwords, and can also carry any other network protocol. For the tool to work correctly, it must be not only installed but also configured. This article covers the basic configuration, using as an example the latest version of Ubuntu, on which the server will run.

Setting up SSH in Ubuntu

If you have not yet completed the installation on the server and client PCs, do that first; the whole procedure is quite simple and does not take long. A detailed guide on this topic is available in our other article, linked below. It also shows how to edit the configuration file and test that SSH works, so today we will focus on other tasks.

See also: Installing SSH server in Ubuntu

Create RSA key pair

A freshly installed SSH does not yet have the keys needed to connect from server to client and vice versa. All of these parameters must be set manually right after the protocol components have been added. The key pair uses the RSA algorithm (named after its developers Rivest, Shamir and Adleman). In this cryptosystem, the keys are encrypted using special algorithms. To generate a key pair, you only need to enter the appropriate command in the console and follow the instructions.

  • Open “Terminal” by any convenient method, for example through the menu or with the key combination Ctrl + Alt + T.
  • Enter the command ssh-keygen, and then press Enter.
  • You are prompted for the file in which to save the keys. To keep them in the default location, just press Enter.
  • The key can be protected with a passphrase. If you want to use this option, type the passphrase at the prompt that appears. The characters are not displayed as you type. On the next line you will be asked to repeat it.
  • Next you will see a notification that the key has been saved, along with its randomart image.
  • You have now created a key pair, private and public, which will be used for further connections between computers. All that remains is to place the key on the server so that SSH authentication succeeds.

    Copy the public key to the server

    There are three methods of copying keys. Each of them is optimal in different situations, for example when one of the methods does not work or does not suit a particular user. We will look at all three options, starting with the simplest and most effective.

    Option 1: ssh-copy-id

    The ssh-copy-id command is built into the operating system, so no additional components need to be installed. Its syntax for copying the key is simple. In “Terminal”, enter ssh-copy-id username@remote_host, where username@remote_host is the name of the remote computer.

    When you first connect you will receive a notification text:

    The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
    ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
    Are you sure you want to continue connecting (yes/no)? yes

    Answer yes to continue connecting. The utility then searches for the key in the file id_rsa.pub that was created earlier. When it is found, the following is displayed:

    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    username@203.0.113.1's password:

    Enter the remote host's password so that the utility can log in. The tool copies the data from the public key file ~/.ssh/id_rsa.pub, and then the screen displays the message:

    Number of key(s) added: 1

    Now try logging into the machine, with "ssh 'username@203.0.113.1'"
    and check to make sure that only the key(s) you wanted were added.

    This text means that the key was successfully uploaded to the remote computer, and there should be no further problems with the connection.

    Option 2: Copy public key using SSH

    If you cannot use the utility mentioned above but have a password for logging in to the remote SSH server, you can upload your user key manually, which gives you stable authentication for later connections. The cat command is used for this: it reads the data from the file, which is then sent to the server. In the console, enter the following line:

    cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

    When you see the message

    The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
    ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
    Are you sure you want to continue connecting (yes/no)? yes

    continue connecting and enter the password to log on to the server. The public key is then automatically appended to the end of the authorized_keys file.

    Option 3: Manually copying public key

    If you have no access to the remote computer through the SSH server, all of the steps above are performed manually. To do this, first display the key on the server PC with the command cat ~/.ssh/id_rsa.pub.

    The screen displays a line similar to this: ssh-rsa, then the key as a string of characters ending in ==, then a comment in the form user@host. Then, working on the remote device, create a new directory with mkdir -p ~/.ssh. In it, also create the file authorized_keys. Next, add the key you saw earlier using echo public_key_string >> ~/.ssh/authorized_keys, where public_key_string is that key line. You can then try to authenticate to the server without a password.
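
The manual steps in Options 2 and 3 can leave ~/.ssh with whatever permissions the default umask gives, and repeating the append step adds the same key again; with sshd's default StrictModes setting, group- or world-writable key files are refused. The following added example (not from the original article) performs the append once with strict permissions and checks the result. The function names install_pubkey and loose_perms and the sample key line are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: idempotent version of the manual key copy, run on constructed files.

# install_pubkey PUBKEY_FILE HOME_DIR: append the key once, with strict permissions.
install_pubkey() {
  local pub="$1" sshdir="$2/.ssh" line ktype
  line=$(head -n 1 "$pub") || return 1
  ktype=${line%% *}
  case $ktype in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
    *) echo "not a public key: $pub" >&2; return 2 ;;  # e.g. the private key passed by mistake
  esac
  mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
  touch "$sshdir/authorized_keys" && chmod 600 "$sshdir/authorized_keys" || return 1
  # -x whole line, -F fixed string: skip the append when the key is already present
  grep -qxF -- "$line" "$sshdir/authorized_keys" ||
    printf '%s\n' "$line" >> "$sshdir/authorized_keys"
}

# loose_perms PATH: succeed if PATH is group- or world-writable.
loose_perms() {
  [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

demo_home=$(mktemp -d)
# Constructed sample line, not a real key
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EconstructedSAMPLEonly== user@host' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
echo "entries in authorized_keys: $(wc -l < "$demo_home/.ssh/authorized_keys")"
if loose_perms "$demo_home/.ssh"; then echo "permissions too open"; else echo "permissions ok"; fi
```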

    Authentication on the server using the created key

    In the previous section you learned three methods of copying the key to the remote computer. This lets you connect without a password. The connection is made from the command line by typing ssh username@remote_host, where username@remote_host is the user name and host of the remote computer. On the first connection you will be warned about an unknown host and can continue by answering yes.

    The connection is established automatically if no passphrase was set when the key pair was created. Otherwise, you first have to enter it to continue working with SSH.

    Disable password authentication

    Key setup is considered successful when you can log on to the server without using a password. However, as long as password authentication remains available, attackers can use password-guessing tools against the server. To protect against this, disable password login completely in the SSH configuration file. To do so:

  • In “Terminal”, open the configuration file in an editor with the command sudo gedit /etc/ssh/sshd_config.
  • Find the line “PasswordAuthentication” and remove the # sign at the beginning to uncomment the parameter.
  • Change the value to no and save the configuration.
  • Close the editor and restart the server with sudo systemctl restart ssh.
  • Password authentication is now disabled, and logging in to the server is possible only with the RSA keys created for this purpose.
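
The edited line takes effect only if nothing earlier overrides it: sshd uses the first value it reads for each keyword, including values from files pulled in by an Include directive. The following added example (not from the original article) applies that rule to constructed files in a temporary directory; the helper names first_value and make_demo and the drop-in file name 50-example.conf are hypothetical.

```bash
#!/usr/bin/env bash
# Added example on constructed files: sshd keeps the FIRST value it reads for a keyword.

# first_value FILE KEYWORD: print the first global value; return 1 if it is not set.
first_value() {
  local file="$1" want key val rest inc dir
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -r "$file" ] || return 1
  dir=$(dirname "$file")
  while read -r key val rest; do
    key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
    case $key in
      ''|'#'*) continue ;;
      match) break ;;      # Match blocks are conditional; only global lines count here
      include)
        # Simplification: relative paths resolve against this file's directory
        # (sshd itself resolves them against /etc/ssh). The glob expands unquoted.
        case $val in /*) ;; *) val="$dir/$val" ;; esac
        for inc in $val; do
          first_value "$inc" "$want" && return 0
        done ;;
      "$want") printf '%s\n' "$val"; return 0 ;;
    esac
  done < "$file"
  return 1
}

# make_demo DIR: constructed main file that includes a drop-in directory first.
make_demo() {
  mkdir -p "$1/sshd_config.d"
  printf '%s\n' 'Include sshd_config.d/*.conf' '#PasswordAuthentication yes' \
    'PasswordAuthentication no' 'Match User backup' \
    'PasswordAuthentication yes' > "$1/sshd_config"
  printf '%s\n' 'PasswordAuthentication yes' > "$1/sshd_config.d/50-example.conf"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
echo "effective: $(first_value "$demo_dir/sshd_config" PasswordAuthentication)"
# On the real server, ask sshd itself before restarting:
#   sudo sshd -t && sudo sshd -T | grep -i passwordauthentication
```

Here the drop-in file is read before the edited line, so password login stays enabled until the drop-in is changed as well.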

    Configuring the standard firewall

    In Ubuntu, the default network protection is the Uncomplicated Firewall (UFW). It lets you allow connections for selected services. Each application creates its own profile in this tool, and UFW manages them by allowing or denying connections. The SSH profile is set up by adding it to the list as follows:

  • Open the list of firewall profiles with the command sudo ufw app list.
  • Enter the account password to display the information.
  • You will see a list of available applications; OpenSSH should be among them.
  • Now allow connections via SSH by adding it to the list of allowed profiles with sudo ufw allow OpenSSH.
  • Turn on the firewall, applying the updated rules, with sudo ufw enable.
  • To make sure the connections are allowed, run sudo ufw status; you will then see the network status.
  • This completes our instructions for configuring SSH in Ubuntu. Further changes to the configuration file and other parameters are made by each user to suit their own needs. To learn about all the components of SSH, see the official documentation of the protocol.

    Source: lumpics.ru
