Guide to setting up public keys for SSH
Uploaded on July 8th, 2023
I have a QEMU virtual machine running Ubuntu Server 22.04 LTS on IP 192.168.122.91. I can SSH into it fine from my Arch Linux install, but it's not 100% secure because it uses password authentication.
I'm going to walk through the steps to generate an SSH key, trust it on the virtual machine, and force public key authentication.
Slight disclaimer:
If this guide makes your server unable to be SSHed into or somehow blows up your computer, you were the one who followed this. I may have written the guide, but you followed it. Run with caution, review the commands before running, and be careful with sudo and root.
Generating a key
First, we need a key.
[jasedxyz@jasetop ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jasedxyz/.ssh/id_rsa):
# hit enter/return for the default location (I recommend this for simplicity)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jasedxyz/.ssh/id_rsa
Your public key has been saved in /home/jasedxyz/.ssh/id_rsa.pub
The key fingerprint is:
fingerprint
The key's randomart image is:
+---[RSA 3072]----+
| randomart |
+----[SHA256]-----+
Okay, our key is in ~/.ssh/id_rsa and id_rsa.pub.
Put key in GitHub
Now, you can upload your PUBLIC key anywhere, but I'm going to put it in GitHub because of the fancy commands you can use to import it on Ubuntu.
Sign into https://github.com/ , click on your profile, and go into settings. Click on "SSH and GPG keys".
Now, back on my computer, type
[jasedxyz@jasetop ~]$ cat ~/.ssh/id_rsa.pub
# if you changed the path, replace '~/.ssh/id_rsa.pub' with your path.
(insert key here)
That's our public key. Copy it, and go back to GitHub.
Let's hit New SSH key. Type in a title (whatever you want), and in the key box, paste in your public key, and then Add SSH key.
Import SSH key
Now, on the server, let's import our newly generated key.
jasedxyz@qemuserver:~$ ssh-import-id-gh Jased-0001
# replace with your github account obviously
Now, in ~/.ssh/authorized_keys, you should be able to see your key. Double check it or don't.
Disable password authentication
To start using our freshly-picked SSH key, we need to change some settings.
jasedxyz@qemuserver:~$ sudo nvim /etc/ssh/sshd_config
# or your editor of choice
Remove the # in front of line 38 and 41.
Do the same for line 57, and set it to no.
Save and exit.
Reload, and exit the SSH session.
jasedxyz@qemuserver:~$ sudo systemctl reload sshd
jasedxyz@qemuserver:~$ exit
logout
Connection to 192.168.122.91 closed.
[jasedxyz@jasetop ~]$
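A check worth running on the server while a session is still open: Ubuntu's sshd_config includes /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for a setting, so a drop-in file can override an edit made further down. The script below is an added example, not part of the original guide; it audits `sshd -T` output (the effective configuration), the function name and sample data are constructed, and the keyboard-interactive check goes beyond what the guide covers.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Real use on the server:  sudo sshd -T | audit_sshd_auth
# `sshd -T` prints the effective settings as lowercase "keyword value" lines.

# Reads sshd -T style lines on stdin.
# Returns 0 if only public key login is possible, 1 otherwise.
audit_sshd_auth() {
    pubkey=""; password=""; kbd=""; status=0
    while read -r key value; do
        case "$key" in
            pubkeyauthentication)         pubkey=$value ;;
            passwordauthentication)       password=$value ;;
            kbdinteractiveauthentication) kbd=$value ;;
        esac
    done
    if [ "$pubkey" != "yes" ]; then
        echo "FAIL pubkeyauthentication=${pubkey:-unset}"; status=1
    fi
    if [ "$password" != "no" ]; then
        echo "FAIL passwordauthentication=${password:-unset}"; status=1
    fi
    # Keyboard-interactive can still ask for a password through PAM.
    if [ "$kbd" != "no" ]; then
        echo "FAIL kbdinteractiveauthentication=${kbd:-unset}"; status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK key-only authentication is in effect"
    fi
    return "$status"
}

# Constructed sample: the settings after a successful edit.
SAMPLE_HARDENED='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

# Constructed sample: a drop-in file re-enabled passwords despite the edit.
SAMPLE_OVERRIDDEN='port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_auth
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_auth || true
```

Running `sudo sshd -t` before the reload also catches syntax errors in the edited file, and keeping the current session open until a second login succeeds avoids locking yourself out.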
Did it work?
Let's reconnect and see if it worked!
[jasedxyz@jasetop ~]$ ssh jasedxyz@192.168.122.91
Enter passphrase for key '/home/jasedxyz/.ssh/id_rsa':
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.15.0-76-generic x86_64)
...
jasedxyz@qemuserver:~$
It works! Now my (and, if you followed along, your) server is protected against brute forcing, phishing, all that bad stuff.