Ubuntu Server Cookbook

You're reading from Ubuntu Server Cookbook: Arm yourself to make the most of the versatile, powerful Ubuntu Server with over 100 hands-on recipes

Product type Paperback
Published in Jun 2016
Publisher Packt
ISBN-13 9781785883064
Length 456 pages
Edition 1st Edition
Author (1): Uday Sawant


Setting up public key authentication

In this recipe, you will see how to set up secure public key authentication.

Getting ready

You might need root privileges for certain tasks.

How to do it...

Follow these steps to set up public key authentication:

  1. Add a new user. You can skip this step if you have already created a user:
    $ sudo adduser john
    
  2. Log in as john and change to the home directory with cd ~/.
  3. Create a .ssh directory if it doesn't already exist:
    $ mkdir .ssh
    
  4. Create a file named authorized_keys under the .ssh directory:
    $ touch .ssh/authorized_keys
    
  5. Set permissions on the .ssh directory to 700:
    $ chmod 700 .ssh
    
  6. Set permissions for authorized_keys to 600:
    $ chmod 600 .ssh/authorized_keys
    
  7. Generate a public/private key pair on your local system with the following command:
    $ ssh-keygen
    
  8. Copy the generated public key from the .ssh/id_rsa.pub file to the authorized_keys file on the server.
  9. Now, open an ssh connection from local to server with the following command:
    $ ssh john@server
    
  10. If asked for confirmation, type yes and press the Enter key to continue.

How it works…

SSH supports different authentication methods for logging in. Public key authentication and password-based authentication are two common methods. To log in with public key authentication, we need a public/private key pair. We generate this key pair with the ssh-keygen command. This command creates two files under the .ssh directory in the user's home:

  • id_rsa: This is the private key file
  • id_rsa.pub: This is the public key file

You can view the contents of a file with cat, for example $ cat id_rsa.pub. The public key should start with something like ssh-rsa AAAA... (without the trailing dots).

We then copy the contents of the public key to the server's authorized_keys file. Ensure that the entire key is listed on a single line in the authorized_keys file.

Also, ensure that the permissions are properly set for the .ssh directory, and that the authorized_keys file and the directory are owned by the user. The permissions for the .ssh directory limit read, write, and execute access to the owner. Similarly, for the authorized_keys file, permissions are limited to read and write for the owner only. This ensures that no other user can modify the data in the .ssh directory. If these permissions are not properly set, the SSH daemon rejects the key and the login fails with a Permission denied error.
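
The ownership, mode, and single-line rules above can be checked in one pass. This is an added example, not code from the book: audit_ssh_dir and its helpers are hypothetical names, GNU stat (as shipped on Ubuntu) is assumed, and the key-type list covers only the common OpenSSH types.

```shell
#!/bin/sh
# Added example (not from the book). Assumes GNU stat, as shipped on Ubuntu.

# check_mode PATH MODE UID: print a finding if PATH is missing or has the
# wrong octal mode or owner; return 1 when anything was reported.
check_mode() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    set -- "$1" "$2" "$3" $(stat -c '%a %u' "$1")
    rc=0
    [ "$4" = "$2" ] || { echo "MODE $1 is $4, want $2"; rc=1; }
    [ "$5" = "$3" ] || { echo "OWNER $1 is uid $5, want uid $3"; rc=1; }
    return $rc
}

# check_key_lines FILE: every entry must hold "<key type> <base64 blob>" on
# one line. A key wrapped by an editor or mail client leaves lines that lack
# the pair, so those lines are reported by number.
check_key_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            ok = 0
            for (i = 1; i < NF; i++)             # options may precede the type
                if ($i ~ "^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$" &&
                    length($(i + 1)) % 4 == 0)
                    ok = 1
            if (!ok) { printf "FORMAT line %d: no <type> <base64> pair\n", NR; n++ }
        }
        END { exit (n > 0) }' "$1"
}

# audit_ssh_dir DIR [UID]: apply the recipe's rules (700 on .ssh, 600 on
# authorized_keys, both owned by the user). Returns 0 only when clean.
audit_ssh_dir() {
    bad=0
    uid=${2:-$(id -u)}
    check_mode "$1" 700 "$uid" || bad=1
    check_mode "$1/authorized_keys" 600 "$uid" || bad=1
    if [ -f "$1/authorized_keys" ]; then
        check_key_lines "$1/authorized_keys" || bad=1
    fi
    return $bad
}
```

Run it on the server as the account owner, for example audit_ssh_dir ~/.ssh; each finding is printed on its own line and the exit status is non-zero if anything needs fixing.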

Working of SSH authentication

When the SSH client initiates a connection with the server, the server sends its public key identification to the client. If a client is connecting to the server for the first time, it shows a warning and asks for user confirmation to store the server key in the known_hosts file under the .ssh directory. After receiving the identity, the client authenticates the server to ensure that it is really the intended server.

After server authentication, the server sends a list of possible authentication methods. The client selects an authentication method and sends its selection to the server. After receiving the authentication method, the server sends a challenge string encrypted with the client's public key. The client has to decrypt this string with its private key and send it back to the server along with the previously shared session key. If the response from the client matches the response generated by the server, then client authentication succeeds.

There's more…

You might be looking for a secure way to install your key on the server. Here's one way!

If your local system has the ssh-copy-id tool installed, you can directly add your public key to the server's authorized_keys file with a single command:

$ ssh-copy-id john@serverdomain

After providing the password, your local public key will be added to the authorized_keys file under the .ssh directory of the user john.

Troubleshooting SSH connections

Most connection issues are related to configuration problems. If you face any such issue, read the error message in detail. It is usually descriptive enough to identify the mistake. You can also go through the following checklist:

  • Check if the SSH daemon is running. Check the port in use and port conflicts, if any
  • Check whether the firewall configuration allows SSH ports
  • Check the list of configuration methods that are enabled
  • Check permissions for your private keys on your local system
  • Check authorized_keys file for your public key on the server
  • Check for any entry with the old address of the server in known_hosts on the local system

Additionally, you can use the verbose flag (-v or -vvv) with the ssh command to get details of every step taken by the SSH client. Also, check the SSH daemon logs on the server.

SSH tools for the Windows platform

If your local system runs Windows, then you can use the tools provided by PuTTY to generate new keys and connect to the server:

  • putty.exe: This is the SSH client on Windows
  • puttygen.exe: This tool generates public or private keys
  • pscp.exe: This is the SCP client for secure file transfer

When using a public key generated by the puttygen.exe tool, make sure that you convert the key to the OpenSSH key format. Remove all comments and prepend ssh-rsa. Additionally, the entire key should be listed on a single line.

Another easy option is to use puttygen.exe. Load your private key in PuTTYgen and then copy the public key from the Key section of the PuTTYgen window.
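
The manual conversion described above can be scripted for the file written by PuTTYgen's Save public key button. This is an added example, not code from the book: putty_pub_to_openssh is a hypothetical helper name, and it goes slightly beyond the text by reading the key type from the key data instead of always prepending ssh-rsa.

```shell
#!/bin/sh
# Added example (not from the book): turn the file written by PuTTYgen's
# "Save public key" button (RFC 4716 layout) into one authorized_keys line.
# putty_pub_to_openssh FILE [COMMENT] is a hypothetical helper name.
putty_pub_to_openssh() {
    # 1. Drop the BEGIN/END markers and header lines such as Comment:
    #    (a header value ending in "\" continues on the next line), then
    #    join the remaining base64 lines into a single string.
    blob=$(awk '
        { sub(/\r$/, "") }                            # CRLF from Windows
        /^---- (BEGIN|END) SSH2 PUBLIC KEY ----/ { next }
        cont                { cont = ($0 ~ /\\$/); next }
        /^[A-Za-z0-9-]+: /  { cont = ($0 ~ /\\$/); next }
        { gsub(/[ \t]/, ""); printf "%s", $0 }' "$1")
    [ -n "$blob" ] || return 1

    # 2. The decoded blob starts with a 4-byte big-endian length followed by
    #    the key type name; read it instead of assuming ssh-rsa.
    len=$(printf %s "$blob" | base64 -d 2>/dev/null | od -An -tu1 -N4 |
          awk '{ print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
    [ "${len:-0}" -gt 0 ] && [ "$len" -le 64 ] || return 1
    ktype=$(printf %s "$blob" | base64 -d 2>/dev/null |
            dd bs=1 skip=4 count="$len" 2>/dev/null)
    case $ktype in
        ssh-*|ecdsa-sha2-*) ;;
        *) return 1 ;;                # not an SSH public key blob
    esac

    # 3. Emit "<type> <base64> <comment>" on a single line.
    printf '%s %s %s\n' "$ktype" "$blob" "${2:-imported-from-puttygen}"
}
```

Append the printed line to the server's authorized_keys file; a non-zero exit status means the input did not decode to an SSH public key.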
