Setting Up An SSH Certificate For Ubuntu From A Mac

Submitted by bswinnerton (Contact Author) (Forums) on Tue, 2008-04-01 12:22. :: Ubuntu | Security

This howto shows how to set up RSA public/private key authentication from a Mac to an Ubuntu box. Of course, this should be possible with other OSes, but I have not tested it. Please post if it was useful!

For the past week I have been trying to set up an RSA SSH certificate for accessing my Ubuntu servers from PuTTY and Mac's SSH through a terminal. However, I have been faced with some serious problems; thankfully, the guys over at ubuntuforums.org could help me out. So here is a quick howto I wrote so that people don't have the same kind of trouble that I did.

Just to clear things up: an SSH key is a way to secure your logins over SSH. You generate a key pair, one private key and one public key that are mathematically matched to each other. You put the public key on the server and keep the private key on your Mac; when you connect, the server uses the public key to check that you hold the matching private key. It relies on public-key cryptography.

First off, let's start with making the key on a Mac:

Open up a terminal (Macintosh HD > Applications > Utilities > Terminal).

You can choose between a few different bit lengths (the bit length determines how secure the key is). I think 2048 should be adequate, but you can use a larger value if you like.

So type the following to begin the process:

ssh-keygen -t rsa -b 2048

or

ssh-keygen -t rsa -b 4096

(whichever amount of security you prefer.)

You will then be prompted for a few questions.

Enter file in which to save the key (/home/username/.ssh/id_rsa): (Hit Enter)

This is the default place where the key is stored. Keep it here so that you don't have to tell the computer where to find the key.

Enter passphrase (empty for no passphrase):

Please set a passphrase. If you do not, anyone who gets hold of the key can use it WITHOUT ANY PASSWORDS!

Enter same passphrase again:

After this, your computer has the public and private key pair. Now we have to put the public key onto the server.

While still in the terminal on your Mac, type the following (using your Mac username):

nano /Users/YOURUSERNAMEHERE/.ssh/id_rsa.pub

nano is an in-terminal text editor. First, copy all of the text in that file, then press Ctrl + X to exit the editor. Once this is done, SSH into your server.

Now, in the SSH session on the Ubuntu server, type the following (using your username on the server):

nano /home/YOURUSERNAMEHERE/.ssh/authorized_keys

From here you can paste the data from the public key generated on your Mac. Make sure that it all fits onto one line.

Now test your connection from your Mac to make sure that it works. If all went well, you should be prompted for the key's passphrase.
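Instead of pasting by hand, the public key file can be copied to the server and installed by a script that rejects a key broken across lines and sets the file permissions. This is an added example, not part of the original howto; the function names and the paths in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original howto. Function names are made up
# for this illustration; it handles ssh-rsa keys, the type this page generates.

# check_pubkey FILE: succeed only if FILE holds one intact ssh-rsa key line.
check_pubkey() {
    # A key that the editor or clipboard wrapped shows up as 2+ lines.
    [ "$(grep -c . "$1")" -eq 1 ] || return 1
    line=$(grep . "$1")
    ktype=${line%% *}                 # first field: key type
    rest=${line#* }
    blob=${rest%% *}                  # second field: base64 key data
    [ "$ktype" = "ssh-rsa" ] || return 1
    # The blob must decode as base64 ...
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    # ... and begin with the length-prefixed name "ssh-rsa" (00 00 00 07 + text).
    hdr=$(printf '%s' "$blob" | base64 -d | head -c 11 | od -An -tx1 | tr -d ' \n')
    [ "$hdr" = "000000077373682d727361" ]
}

# install_pubkey FILE SSH_DIR: add the key to SSH_DIR/authorized_keys once,
# with modes that sshd's StrictModes check accepts.
install_pubkey() {
    check_pubkey "$1" || { echo "refusing $1: not one ssh-rsa key line" >&2; return 1; }
    auth="$2/authorized_keys"
    mkdir -p "$2" && chmod 700 "$2" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the last existing entry lacks a newline, add one so keys do not merge.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    key=$(grep . "$1")
    # -x whole line, -F literal: append only if this exact key is not present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Run on the server, e.g.: sh install_key.sh /tmp/id_rsa.pub "$HOME/.ssh"
if [ "$#" -eq 2 ]; then install_pubkey "$1" "$2"; fi
```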

The following steps are optional. They make it so that you can only log in with a private key, which means you will no longer be able to use your username and password to log in.

Log in to your server via SSH and edit the following file:

sudo nano /etc/ssh/sshd_config

Make sure that the following settings are as shown:

RSAAuthentication yes 
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no
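A line added to sshd_config has no effect if the same keyword already appears uncommented earlier in the file, because sshd uses the first value it finds. The following added example (not part of the original howto; the function names and the sample file are constructed for illustration) reports the value that is actually in effect for the settings above.

```sh
#!/bin/sh
# Added example, not part of the original howto; function names are made up.

# effective_value FILE KEYWORD: print the value sshd would take for KEYWORD
# from the global section of FILE. Commented lines are ignored, keywords are
# case-insensitive, and the first occurrence wins. Include files are not followed.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/          { next }              # comment or blank
        tolower($1) == "match"  { exit }              # conditional blocks start
        tolower($1) == want     { print $2; exit }    # first occurrence wins
    ' "$1"
}

# check_key_only FILE: succeed only if the three settings from the howto that
# decide how users log in are explicitly in effect. RSAAuthentication is not
# checked: it governs SSH protocol 1 only.
check_key_only() {
    rc=0
    for want in "PubkeyAuthentication yes" "PasswordAuthentication no" "UsePAM no"; do
        key=${want% *}
        val=${want#* }
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$val" ]; then
            echo "$key is '${got:-not set}', expected '$val'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the howto's lines were appended below an older active
# "PasswordAuthentication yes", so password logins stay enabled.
sample_shadowed() {
    cat <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no
EOF
}

if [ "$#" -eq 1 ]; then check_key_only "$1"; fi
```

On the server itself, `sudo sshd -t` checks the edited file for syntax errors and `sudo sshd -T` prints the configuration sshd actually resolves, Include files included. Keep your current session open until a fresh key-only login has succeeded.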

Submitted by Paxoria (not registered) on Thu, 2010-11-04 16:12.
You don't explain what computer's user name to use.  The server or the client?
Submitted by cbrowne (registered user) on Fri, 2010-08-27 17:23.

Good quick tutorial, I have used it many times.

I just want to point out a typo though:

 ssh-keygent -t rsa -b 4096 

"ssh-keygen" not "ssh-keygent"

 

 

Submitted by Anonymous (not registered) on Sun, 2010-05-23 17:18.

This page should be re-titled as these are not certificates. These are ssh PSK (pre-shared keys). Certificates have chains of authority signed by root CA, etc.

 

Submitted by dahlgren (not registered) on Sun, 2010-01-17 21:37.
Thanks for posting this! It's straightforward and helpful.
Submitted by Ubuntu user (not registered) on Sun, 2009-11-08 00:26.

Thanks a lot!

 This is exactly what I was searching for, and it worked!

 

Greetz

Submitted by Adam M. Erickson (not registered) on Thu, 2009-10-22 15:28.

Don't listen to all the negative comments.

You were at the top of my google search and it worked.

I prefer to use vi editor but that is just a preference of mine.

 For others reading, if you are sick of being prompted for the remote root password because you ssh into 20 different servers a day this is very helpful indeed.

Submitted by RC3 (not registered) on Wed, 2009-07-22 21:36.

Yes onion, bad analogy. This works very well. You must already have ssh set up with passwords to follow this step by step. If you don't, you will have to upload the .pub file and copy its contents to authorized_keys. Then turn off password auth.

 

Thanks  howtoforge........

Submitted by onion (not registered) on Sun, 2009-05-24 19:18.

This line:

  Once this is done SSH into your server.

I'm wondering how one could do this.......if it hasn't been set up yet.

 That's like saying:

1) remove gasoline from car

2) work on engine

3) start car

 How do we do #3?  There's no gas in there.

 

Submitted by Anonymous (not registered) on Thu, 2009-06-25 21:43.
That's a poor analogy. Also, it assumes you have ssh access to the server in the first place. If you don't, this won't help you. This is not a way AROUND security, it's a way to implement better security.