====== Ubuntu - SSH - Creating public/private key authentication for SSH ======

Using public/private SSH keys helps secure an SSH connection, because passwords are not passed across the network and the system is resistant to brute-force attacks.

----

===== On the local machine =====

==== Create a .ssh directory ====

  mkdir ~/.ssh

----

==== Create the SSH keys ====

Using RSA:

  ssh-keygen -t rsa

or using DSA (Digital Signature Algorithm):

  ssh-keygen -t dsa

OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so RSA is the option that works on current servers without extra configuration.

When asked for a passphrase, leave it blank, since our purpose is to automate things. A key without a passphrase is stored unencrypted, so the private key file must stay readable only by its owner.

This creates two files in the .ssh directory: id_dsa and id_dsa.pub (id_rsa and id_rsa.pub if you chose RSA). The .pub file holds the public key and will be placed on the remote server.

----

==== Copy the public key to the remote server ====

Copy the id_dsa.pub file to the remote server via SCP:

  scp ~/.ssh/id_dsa.pub username@example.com:/home/username/

----

===== On the remote server =====

==== Connect to the remote server with SSH ====

  ssh username@example.com

----

==== Create a .ssh directory ====

  mkdir ~/.ssh

----

==== Copy the public key to the file authorized_keys ====

  cat id_dsa.pub >> ~/.ssh/authorized_keys

----

==== Remove file id_dsa.pub ====

  rm id_dsa.pub

----

==== Setting the correct permissions on the key ====

  chown -R username:username /home/username/.ssh
  chmod 700 /home/username/.ssh
  chmod 600 /home/username/.ssh/authorized_keys

----

==== Configuring SSH ====

  sudo vi /etc/ssh/sshd_config

Check these lines:

  RSAAuthentication yes
  PubkeyAuthentication yes
  AuthorizedKeysFile %h/.ssh/authorized_keys
  PasswordAuthentication no

----

==== Restart the server ====

  sudo /etc/init.d/ssh reload

Done.

----

===== Test =====

Try to connect to the remote server with SSH:

  ssh -i /path-to-private-key username@remote-host-ip-address

Or just this:

  ssh username@remote-host-ip-address
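
----

The permission and sshd_config steps above can be checked with a small audit script. This is an added example, not part of the original page: the function names are illustrative, it assumes GNU stat, and it does not follow Include directives.

```sh
#!/bin/sh
# Added example: audit the permissions and sshd_config settings from this guide.
# Function names are illustrative; paths are passed in, nothing is hard-coded.

# Print the global value sshd would use for keyword $1 in config file $2.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and a Match line ends the global section.
# Assumption: Include directives are not followed.
sshd_value() {
  awk -v key="$1" '
    $1 ~ /^#/                   { next }   # comment line
    tolower($1) == "match"      { exit }   # conditional blocks start here
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$2"
}

# True if path $1 has exactly octal mode $2 (GNU stat, as shipped on Ubuntu).
has_mode() {
  [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Audit home directory $1 and sshd_config $2.
# Prints one line per finding and returns the number of findings.
audit_key_auth() {
  problems=0
  if ! has_mode "$1/.ssh" 700; then
    echo "FAIL: $1/.ssh is not mode 700"; problems=$((problems + 1))
  fi
  if ! has_mode "$1/.ssh/authorized_keys" 600; then
    echo "FAIL: $1/.ssh/authorized_keys is not mode 600"; problems=$((problems + 1))
  fi
  # PubkeyAuthentication defaults to yes, so only an explicit "no" is a finding.
  if [ "$(sshd_value PubkeyAuthentication "$2")" = "no" ]; then
    echo "FAIL: PubkeyAuthentication is disabled"; problems=$((problems + 1))
  fi
  # PasswordAuthentication defaults to yes, so it must be set to "no" explicitly.
  if [ "$(sshd_value PasswordAuthentication "$2")" != "no" ]; then
    echo "FAIL: PasswordAuthentication is not set to no"; problems=$((problems + 1))
  fi
  return "$problems"
}

# Run against real paths only when both arguments are given, e.g.:
#   sh audit.sh /home/username /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
  audit_key_auth "$1" "$2" && echo "OK: key-only login settings look correct"
fi
```

On a live server, ''sudo sshd -T'' prints the effective configuration as sshd itself resolves it, which is the authoritative check once Include files or Match blocks are involved.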