Configure SSH Key-Based Authentication for Ubuntu 22.04

In this article, I'll share my experience setting up secure SSH access to my Ubuntu server using public key cryptography. This method eliminates the need to type passwords every time, making connections faster and more secure. Let's dive in!

Prerequisites

• Local machine with a terminal window (e.g., Bash, PowerShell)
• Ubuntu server on the same local network

Generating the Keys

1. Open a terminal window on your local machine.

2. Generate a key pair using the following command, replacing your_email@example.com with your actual email address:
   

   ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default location (usually ~/.ssh) for saving the key pair. If prompted, enter a strong passphrase for added security (highly recommended). The private key will be named id_ed25519 (or id_rsa for older SSH versions), and the public key will be named id_ed25519.pub (or id_rsa.pub).

Copying the Public Key (with ssh-copy-id)

1. Enable SSH password authentication on the server temporarily (you can disable it later).

2. Copy the public key to the server using ssh-copy-id:
   

   ssh-copy-id -i ~/.ssh/id_ed25519.pub username@192.168.10.100

Replace username with your server's username and 192.168.10.100 with your server's IP address. Enter the server's password when prompted.

Connecting with SSH Keys

1. From your local machine, try connecting to the server using SSH:

   ssh -i ~/.ssh/id_ed25519 username@192.168.10.100

If you set a passphrase, you'll be prompted to enter it now.

Disabling Password Authentication (Optional)

1. On the server, edit the sshd_config file using a text editor (e.g., nano):

   sudo nano /etc/ssh/sshd_config

1. Locate the line that reads #PasswordAuthentication yes.

2. Uncomment the line by removing the # symbol at the beginning and set PasswordAuthentication no

3. Search for any included configuration files (e.g., sshd_config.d/*) that might override PasswordAuthentication settings. Edit them if necessary to set PasswordAuthentication no. (in my case PasswordAuthentication yes was set by default in /etc/sshd_config.d/ and it overwrote the configuration of ssh_config

4. Save the changes and restart the SSH service:
   

   sudo systemctl restart ssh

Host-Specific Configuration (Optional):

1. On your local machine, create a new file named config (if it doesn't exist) inside the ~/.ssh directory using a text editor.

2. Add the following lines to the config file, replacing 192.168.10.100 with your actual server's address, username with your server's username, and id_ed25519 with the actual filename of your private key (if different):
   

   Host 192.168.10.100
       User username
       IdentityFile ~/.ssh/id_ed25519

Now, whenever you use ssh username@192.168.10.100, OpenSSH will automatically use the appropriate key for a streamlined connection.

Connecting with Ease:

Finally, test your connection! Simply run the following command from your local machine:

ssh username@192.168.10.100

You should be logged in to your server without needing to enter a password!

References

• ssh - Disabling password authentication not working - Server Fault
• 作りながら学ぶ　Webシステムの教科書｜日経Linux