How to Set Up SSH

First of all, you don’t need RSA keys to use ssh. You can ssh into any machine with no setup. You just need to know the hostname (or IP address), username, and password. You can even ssh into root.

For example, something like this should work with no setup.

ssh andrew@192.168.1.48
[enter password for andrew]

This is true only if the host/server machine has the OpenSSH service running.

Enable SSH on the Server

Reference: https://linuxize.com/post/how-to-enable-ssh-on-ubuntu-20-04/

Ubuntu Desktop does not come with server-side OpenSSH pre-installed, whereas Ubuntu Server does. The OpenSSH service will not be running on Ubuntu Desktop by default.

To install the server-side OpenSSH service on Ubuntu Desktop, run the following:

sudo apt update
sudo apt install openssh-server

It will then start running automatically. Confirm that it is running with the following:

sudo systemctl status ssh

The output should look something like this:

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
     Active: active (running) since Sat 2022-05-21 21:51:57 PDT; 50min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 6422 (sshd)
      Tasks: 1 (limit: 9355)
     Memory: 4.1M
        CPU: 382ms
     CGroup: /system.slice/ssh.service
             └─6422 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Client-Side SSH Setup

Let’s create a config file, which will save time when connecting.

On the client machine, create a .ssh folder in the user’s home directory.

cd ~
mkdir .ssh
sudo chmod 700 .ssh # user R/W/X only
cd .ssh

Create the config file.

touch config
vim config

Enter the following in the config file. These items apply to all hosts. Lines can be moved between this section and individual hosts depending on how you want the settings to apply. You can list as many host sections as you want.

Host *
	CheckHostIp no
	StrictHostKeyChecking no
	# Timeout in sec
	ConnectTimeout 5
	ForwardAgent yes
	ForwardX11 yes
	#ControlMaster auto 
	#ControlPath /tmp/.ssh_control-%h-%p-%r
	#ControlPersist 4h
	#StreamLocalBindUnlink yes 
	#Compression yes

# First line is alias you want to use for this host.
Host myServer
	# Host IP address
	HostName 192.168.1.85
	# User account name on host that you want to connect to.
	# You can connect to root, FYI.
	User andrew
	# Private key file location on client system.
	IdentityFile ~/.ssh/id_rsa
	IdentitiesOnly yes

If you’re not using keys, comment out the “IdentityFile” line.
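As an added example (not part of the original post): ssh uses the first value it obtains for each option, so a “Host *” block at the top of the file takes precedence over the same option set later under a specific host. The script below resolves the effective value for one host and lists the options from the config above that turn off host key checking or forward the agent and X11. It only understands Host patterns that are an exact alias or a bare “*”; the function names and the extra “ForwardAgent no” line in the sample are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. Simplification: a Host pattern
# matches only if it is the exact alias or a bare "*".

# effective_opt CONFIG HOST OPTION -> prints the value ssh would end up using
effective_opt() {
    awk -v host="$2" -v want="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" '
        BEGIN { active = 1 }                  # lines before any Host apply to all
        NF == 0 || $1 ~ /^#/ { next }         # skip blank lines and comments
        { sub(/=/, " "); key = tolower($1) }  # accept "Key=value" as well
        key == "host" {                       # new block: does it cover HOST?
            active = 0
            for (i = 2; i <= NF; i++) if ($i == "*" || $i == host) active = 1
            next
        }
        active && key == want { print tolower($2); exit }  # first value wins
    ' "$1"
}

# audit_host CONFIG HOST -> one line per effective setting worth reviewing
audit_host() {
    for opt in StrictHostKeyChecking ForwardAgent ForwardX11; do
        val=$(effective_opt "$1" "$2" "$opt")
        case "$opt:$val" in
            StrictHostKeyChecking:no|ForwardAgent:yes|ForwardX11:yes)
                echo "$2: $opt $val" ;;
        esac
    done
}

# Constructed sample: the global block from the post plus a per-host override
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Host *
    StrictHostKeyChecking no
    ForwardAgent yes
    ForwardX11 yes
Host myServer
    HostName 192.168.1.85
    ForwardAgent no
EOF
audit_host "$cfg" myServer   # the later "ForwardAgent no" never takes effect
rm -f "$cfg"
```

On a machine with OpenSSH installed, ssh -G myServer prints the configuration ssh actually resolves for that alias.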

Now that the alias is set up, you can connect with:

ssh myServer
[password]

This is equivalent to:

ssh andrew@myServer

or…

ssh andrew@192.168.1.85

Note that the IP address used here is a local/private IP (not public): it belongs to the local subnet behind the router, so this connection can only be established if both computers are on the same network. This is why at work you need to connect to the VPN to ssh into company machines.

You can set it up to access publicly from anywhere by using port forwarding on port 22 of the sub-network’s router. Look online for guides, and see router settings.

Basically, you assign a static IP to the server machine: you tell the router to reserve that IP for the server and not assign it to any other device on the network. Then you tell the router to forward all traffic directed to its public IP on port 22 to the static subnet IP of the server machine.

For example, if the public IP of the router is 58.29.123.40, all traffic to 58.29.123.40:22 (port 22) would be forwarded by the router to the static local IP of the server machine, as if you’re connecting to the server directly.

When you ssh from outside the network, you would connect to 58.29.123.40 on port 22.

Setting Up RSA Keys

Using RSA keys is more secure, and you don’t have to type a password every time. This is also necessary if you want to use ssh in a script.

Great guide for setting up keys:

https://phoenixnap.com/kb/ssh-with-key

On the server machine, generate ssh keys and save results to a file.

cd ~/.ssh
ssh-keygen > keygen-results.txt
# (press enter if it's not moving)

If it asks for a passphrase, enter one, or press enter to leave it blank and skip. This passphrase is different from the password used to ssh into a machine: the passphrase encrypts the private key file, while the ssh connection password is the account password of the user on the machine you’re connecting to.

A public and private key will be placed in the .ssh folder.

ls
# Keys:
id_rsa
id_rsa.pub

You can rename these to anything you want, as long as the public key has the same name as the private key plus “.pub” extension.

Change permissions of private key to user R/W only.

sudo chmod 600 id_rsa

Now you need to register this new key pair as a valid client connection on the server machine. This is done by storing a list of public keys for all valid connections in a file called “authorized_keys” in the server’s ~/.ssh folder. Each key is separated by an empty line. In this case there is only one key.

cd ~/.ssh
touch authorized_keys
sudo chmod 600 authorized_keys

You can either manually copy the public key text into this file with the following…

# Make sure "authorized_keys" file is empty before
# doing this as it will overwrite the file.
cat id_rsa.pub > authorized_keys

…or you can use this command to do the same thing.

sudo ssh-copy-id -i [private key file] [username]@[hostname/IP]

Check the authorized_keys file to make sure the public key was added. Compare these two outputs.

cat authorized_keys
cat id_rsa.pub
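As an added example (not part of the original post): one way to add a public key to authorized_keys without overwriting entries that are already there. It refuses files that are not a single-line public key, keeps the 700/600 modes used above, and skips a key that is already listed. The function name and the placeholder key string are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post.
# add_authorized_key PUBKEY_FILE [SSH_DIR] -> appends the key once, modes kept tight
add_authorized_key() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    # A public key file is one line: "<type> <base64> [comment]".
    # A private key (many lines, starts with -----BEGIN) fails both checks.
    [ "$(grep -c '' "$pub" 2>/dev/null)" = 1 ] || { echo "need a one-line key file" >&2; return 1; }
    case "$(cut -d' ' -f1 "$pub")" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac

    # Create the folder and file with the modes the post sets (700 / 600)
    ( umask 077; mkdir -p "$dir"; : >> "$auth" )
    chmod 700 "$dir"; chmod 600 "$auth"

    # Match on type + key material, ignoring the trailing comment
    key=$(cut -d' ' -f1,2 "$pub")
    if grep -qF -- "$key" "$auth"; then
        echo "already present"; return 0
    fi
    # If the last entry has no trailing newline, add one so keys do not merge
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    cat "$pub" >> "$auth"      # >> appends; a single > would wipe other keys
    echo "added"
}

# Constructed demo in a scratch folder; the key string is a placeholder
tmp=$(mktemp -d)
echo "ssh-rsa AAAAB3PlaceholderNotARealKey andrew@client" > "$tmp/id_rsa.pub"
add_authorized_key "$tmp/id_rsa.pub" "$tmp/.ssh"   # added
add_authorized_key "$tmp/id_rsa.pub" "$tmp/.ssh"   # already present
rm -rf "$tmp"
```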

Copying Keys to Client Machine

Now go to the client machine. Copy both keys and the results from the host machine’s ~/.ssh folder to the client’s ~/.ssh folder. You should be able to copy them over ssh.

cd ~
mkdir -p .ssh # (-p: no error if it already exists)
cd .ssh
scp [username]@[host IP]:~/.ssh/* ~/.ssh
ls -la

All the server files should now be in .ssh on the client machine.
*Both the public and private key must reside in the client .ssh folder, otherwise the key will not be added to the ssh-agent automatically.

id_rsa
id_rsa.pub
keygen-results.txt

You should already have the config file set up from earlier, so you’re good to go. Try connecting.

ssh myServer

If the keys work, this should connect right away without prompting you for a password. If you get a password prompt, the keys are probably not working. Investigate by adding verbose flags to the ssh command. The more v’s, the more verbose.

ssh -vvv myServer

Once you’re connected to the host, delete the private key and keygen results from the server for security.

On host/server machine:

cd ~/.ssh
ls -la

Confirm id_rsa private key is there.

!!! CAREFUL WITH THIS !!!

rm id_rsa keygen-results.txt

Confirm delete and check what’s left in the folder.

ls -la

You should see (in server .ssh folder):

id_rsa.pub
authorized_keys

You may also see a “known_hosts” file in the server’s .ssh folder. This is normal and would have been auto-generated by OpenSSH if you connected the server to yet another server using ssh (the server would be acting as a client in that case).

Done.
