Setting Up An SSH Certificate For Ubuntu From A Mac
This howto should help you set up an RSA public and private key pair for logging in from a Mac to an Ubuntu box. Of course, this should be possible with other OSes, but I have not tested it. Please post if it was useful!
For the past week I have been trying to set up an RSA SSH certificate for accessing my Ubuntu servers from PuTTY and Mac's SSH through a terminal. However, I have been faced with some serious problems; thankfully, the guys over at ubuntuforums.org could help me out. So here is a quick howto I wrote so that people don't have the same kind of trouble that I did.
Just to clear things up, an SSH key is a way to secure your connection to SSH. You make one private and one public key that match each other. You put the public key on the server and then use your private key, which stays on your Mac, to prove who you are when you log in. It relies on public-key cryptography.
First off, let's start with making the key on a Mac:
Open up a terminal (Macintosh HD > Applications > Utilities > Terminal).
Now you can choose between a few different bit lengths (the bit length determines how secure the key is). I think 2048 should be adequate, but you can put anything you would like.
So type the following to begin the process:
ssh-keygen -t rsa -b 2048
or
ssh-keygen -t rsa -b 4096
(whichever amount of security you prefer.)
You will then be prompted for a few questions.
Enter file in which to save the key (/home/username/.ssh/id_rsa): (Hit Enter)
This is the default place where the key is stored. Keep it here so that you don't have to tell the computer where to find the key.
Enter passphrase (empty for no passphrase):
Please put in a passphrase. If you do not, anyone who gets hold of the key can use it WITHOUT ANY PASSWORDS!
Enter same passphrase again:
After this, your computer has the public and private key pair. Now we have to put the public key onto the server.
While still in the terminal type the following:
This is an in-terminal text editor. First copy all of the text in that file, then press Ctrl + X to exit the editor. Once this is done, SSH into your server.
Now navigate to your terminal or command prompt on the Ubuntu server and type the following:
From here you can paste the data from the public key generated on your Mac. Make sure that it all fits onto one line.
Now test your connection from your Mac to make sure that it works. If all went well, you should be prompted for the passphrase for the key.
The following steps are optional. They make it so that you can only log in with a private key, which means you will no longer be able to use your username and password to log in.
Log in to your server via SSH and open the following file for editing:
sudo nano /etc/ssh/sshd_config
Make sure that the following settings are as shown:
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no
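An added check, not part of the original howto, that reads an sshd_config file and confirms the settings above actually take effect: sshd keeps the first value it reads for a keyword, so a later line can be silently ignored. The function names are made up for this example, Include lines are not followed, and RSAAuthentication is skipped because it only applied to SSH protocol 1.

```shell
#!/bin/sh
# Added example: check an sshd_config for the key-only settings shown above.

# Print the effective global value of one keyword. sshd keeps the FIRST value
# it reads for a keyword, keywords are case-insensitive, and lines after a
# "Match" line are conditional, so scanning stops there.
sshd_global_value() {   # $1 = config file, $2 = keyword, $3 = built-in default
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*#/ || NF == 0  { next }            # comment or blank line
        tolower($1) == "match" { exit }            # end of global section
        tolower($1) == want    { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only when the file enforces key-only login; report each mismatch.
# Each rule is keyword:built-in-default:required-value.
audit_key_only() {      # $1 = config file
    rc=0
    for rule in PubkeyAuthentication:yes:yes PasswordAuthentication:yes:no UsePAM:no:no; do
        key=${rule%%:*}; rest=${rule#*:}
        got=$(sshd_global_value "$1" "$key" "${rest%%:*}")
        if [ "$got" != "${rest#*:}" ]; then
            echo "FAIL $key is '$got', expected '${rest#*:}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the later "PasswordAuthentication no" never takes effect
# because an earlier line already set the keyword.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
PubkeyAuthentication yes
passwordauthentication yes
UsePAM no
PasswordAuthentication no
EOF
audit_key_only "$sample" || echo "password login is still enabled"
rm -f "$sample"
```

On the server, call it as audit_key_only /etc/ssh/sshd_config after saving your edits; sudo sshd -t additionally checks the file for syntax errors.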