In this article I will show you how to use public key authentication to connect to your Ubuntu server. This will allow us to authenticate to our server using SSH without having to type in a passphrase. Instead, a key that we generate will be used for the process.

1. The first thing I am going to do is to generate an SSH-2 RSA key using PuTTY Key Generator.

2. After you have generated your key, go ahead and enter a passphrase for your private key. Once you have a passphrase set, go ahead and export your key to the OpenSSH format.

3. I went ahead and used SCP to transfer the key over to my Ubuntu server. Once I had the key on my server, I modified the permissions and set them to 700.

4. We now need to generate the public key from the private key that I just imported. This was done by using the following command:

ssh-keygen -f privateK -y > authorized_keys

-f: The file option. It specifies the key file to read, here the private key “privateK”.

-y: This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.

Note: When asked for the passphrase, type in the passphrase that you used at the beginning. Also, change the permissions on the “authorized_keys” file to 600.

We should now be set to use our keys for authentication when we connect to our server. The first thing that you want to do is download Pageant, which is an SSH authentication agent for PuTTY.

5. Once you have installed the program, go ahead and run it. It should start minimized in the notification area if you are using Windows. You should be able to double-click the program to open up the main window. You then want to go ahead and click “Add key” to load the private key that we created.

Type in the passphrase when prompted to do so. With your key loaded successfully, open up PuTTY and try to connect to your server.

6. When connecting to your server, you should use the following format for the “Host Name”:

username@[ipaddress|hostname]

And we have success!!

To finalize this guide, I will show you how to change the default port used for SSH connections and how to disable remote login for the “root” account over SSH. The reason for disallowing “root” from logging in remotely is that it is the target of many dictionary-based attacks, and this will help mitigate that. The SSH port should be changed because port 22 is typically one of the main targets for these attacks, as is port 23, which is used for telnet.

Note: You should never use telnet for anything, nor any other protocol that transmits credentials in clear text. In one of my future articles I will show you this and why it is bad practice to use telnet.

7. To begin, let’s go ahead and modify your sshd_config file in Ubuntu Server. This should be located in “/etc/ssh/”.

In this file you want to modify the “Port” parameter and change it to something else. I picked a port number in the range 49152-65535, as these are ports that can’t be registered with IANA and will most likely not conflict with anything on my server.

Lastly, you want to go ahead and modify the “PermitRootLogin” parameter and set it to “no”.

Note: Make sure that you have another account that is not the root account before doing so as you will lock yourself out otherwise. It would be wise to test logging into the account via SSH first before disabling the root account from remote login.

Go ahead and restart the ssh service on your server:

sudo service ssh restart
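
An added example, not part of the original article: a check for the two settings from step 7, worth running on the edited file before the service is restarted. It relies on two documented sshd_config behaviours: “Port” may be repeated and sshd listens on every port listed, while for “PermitRootLogin” the first value read is the one used. The function names and the sample file are constructed for illustration, and Include files and ports given on ListenAddress lines are assumed absent.

```shell
#!/bin/sh
# Added example (not from the original article): audit the two settings
# changed in step 7. Assumptions: one config file (Include is not followed),
# no port on ListenAddress lines, OpenSSH defaults when a keyword is absent.

# Print the global-section lines as "keyword value", keyword lower-cased.
global_settings() {
    awk '{ sub(/#.*/, ""); sub(/=/, " ") }    # drop comments, allow key=value
         tolower($1) == "match" { exit }      # conditional blocks start here
         NF >= 2 { print tolower($1), $2 }' "$1"
}

# Port may be repeated: sshd listens on every port listed (default 22).
listen_ports() {
    p=$(global_settings "$1" | awk '$1 == "port" { printf "%s ", $2 }')
    echo "${p:-22}" | sed 's/ $//'
}

# For other keywords sshd keeps the first value it reads.
first_value() {   # arguments: FILE lower-case-keyword default
    v=$(global_settings "$1" | awk -v k="$2" '$1 == k { print $2; exit }')
    echo "${v:-$3}"
}

audit_sshd() {    # returns non-zero when a finding is printed
    rc=0
    for port in $(listen_ports "$1"); do
        if [ "$port" -lt 49152 ] || [ "$port" -gt 65535 ]; then
            echo "WARN: sshd will listen on port $port (outside 49152-65535)"
            rc=1
        fi
    done
    root=$(first_value "$1" permitrootlogin prohibit-password)
    if [ "$root" != "no" ]; then
        echo "WARN: effective PermitRootLogin is '$root'"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the new values were appended under the old ones, so
# port 22 stays open and root login stays enabled.
sample=$(mktemp)
printf '%s\n' '# constructed fragment' 'Port 22' 'PermitRootLogin yes' \
    'Port 50022' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "Fix the findings above before restarting ssh."
rm -f "$sample"
```

On the server itself, `sudo sshd -t` additionally checks the real file for syntax errors before the restart.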

This completes this article, and I will start putting up some networking content this week, if not next. That is it for now; thank you for taking the time to read this article. See you around next time.
