Setting up OpenSSH

OpenSSH is a suite of software tools for securing connections between computers on an insecure network.  I recently set up my two Ubuntu Desktop machines on my office LAN so that I can connect and transfer files between them without hassle and thought I'd share the setup process here.  Most of what I'm sharing here can be found in the Ubuntu Server Guide documentation, but I will be adding a few items of interest in this article.

First we start by installing the client and server software on both machines:

sudo apt install openssh-client

sudo apt install openssh-server

You can now verify that everything works by logging in to the other machine as follows:

ssh username@ipaddress or ssh username@hostname

Remember to use the username for the account on the other machine, not the local machine.  You will be prompted for a password in order to log in.

The next step is to configure the server daemon by editing the /etc/ssh/sshd_config file to use cryptographic identity keys to log in rather than a password.  To enable this, uncomment the line:

PubkeyAuthentication yes 

If you wish to add a login banner with a welcome message, legal or security warnings you can modify the Banner line as follows:

Banner /etc/issue.net

Example of login message set in issue.net
My ssh login welcome message

After saving the changes restart the service:

sudo systemctl restart sshd.service
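
Uncommenting PubkeyAuthentication yes turns key logins on, but password logins are governed separately by PasswordAuthentication, which defaults to yes when it is left commented out. The check below is an added example, not part of the original article or the Ubuntu guide: the function names sshd_effective and audit_sshd and the sample configuration are constructed for illustration, and the defaults used are the upstream OpenSSH ones.

```shell
#!/bin/sh
# Added example. sshd uses the first value it reads for a keyword; keywords are
# case-insensitive and lines starting with '#' are ignored.
# Assumptions: "Keyword value" form, Include files not followed, and parsing
# stops at the first Match block (global section only).

sshd_effective() {  # usage: sshd_effective <config-file> <keyword> <default>
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        tolower($1) == "match"   { exit }            # end of global section
        tolower($1) == want      { print $2; found = 1; exit }
        END { if (!found) print def }                # unset: OpenSSH default
    ' "$1"
}

audit_sshd() {  # returns 0 when keys are on and password logins are off
    pubkey=$(sshd_effective "$1" PubkeyAuthentication yes | tr 'A-Z' 'a-z')
    passwd=$(sshd_effective "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    banner=$(sshd_effective "$1" Banner none)
    echo "PubkeyAuthentication=$pubkey PasswordAuthentication=$passwd Banner=$banner"
    [ "$pubkey" = yes ] && [ "$passwd" = no ]
}

# Constructed sample: sshd_config after the two edits described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PubkeyAuthentication yes
Banner /etc/issue.net
EOF

if audit_sshd "$sample"; then
    echo "password authentication is off"
else
    echo "keys work, but password authentication is still on"
fi
rm -f "$sample"
```

On a live system, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T prints the effective configuration with Include files applied.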

The next step is to generate the public and private keys required for authentication without passwords:

ssh-keygen -t rsa

This will generate two files named ~/.ssh/id_rsa.pub (the public key) and ~/.ssh/id_rsa (the private key).  We now have to copy the id_rsa.pub file to the remote host and append it to the ~/.ssh/authorized_keys file. OpenSSH has a utility to do that as follows:

ssh-copy-id username@remotehost

You should now be able to connect using ssh without being prompted for a password.  To reduce typing even further, you can create a ~/.ssh/config file containing the user and host names, plus an identity file (private key) if you need to specify one manually, as is the case with my cloud server.

Host asus
  HostName asuspro
  User sammy

Host mycloud
  HostName example.com.au
  User johndoe
  IdentityFile ~/.ssh/identitykey.pem

I can now log on to my asus machine by simply typing ssh asus rather than ssh sammy@asuspro, and to my cloud server by typing ssh mycloud rather than ssh -i ~/.ssh/identitykey.pem johndoe@example.com.au
