Rafał Kamiński


Setting up SSH for Ubuntu Server 23

Prerequisites

  • Local system: Ubuntu + most other Linux distributions

  • Remote system: Ubuntu + most other Linux distributions, open SSH port (22)

Basic remote setup

After getting a brand-new server, people regularly struggle with properly setting up the connection from the local system. Most of the time we get login info from the service provider, including the IP address, account name and password. The account name is probably ubuntu. We connect via SSH.

ssh ubuntu@100.100.100.100

We are asked for a password and, after providing it, we are logged in. If we want to go back to our local computer, we simply execute the exit command. But for now let's work remotely. ubuntu is not a great nickname, so we are going to set up an account for ourselves. For that purpose we generally use the high-level adduser command, although it may not be available on all distributions.

sudo adduser akmere

adduser will create a user and a special group for this user, and set up a home directory like /home/akmere; you will choose a new password for it in the process. You may want to use a password generator so your server won't be too vulnerable. However, if this is the account you wish to use for all purposes, you should probably give it superuser rights. You do this by adding your user to the sudo group. Remember to perform this action as a user who already has superuser rights! That should be your initial account, ubuntu.

sudo usermod -aG sudo akmere

Now you can log into your newly created account!

su akmere

as well as log into it later from your local computer using ssh.

ssh akmere@100.100.100.100

Nevertheless, you will still be prompted for a password every time. That may well seem for the best, although there is also a handier way...

Using SSH keys for logging in

Keys are quite a basic concept. If you have the proper key, you can open a specific door. You can have a key, but without the proper door it is useless. With ssh the specifics are more complicated, but if you want to be able to connect to a remote server you should have a private key and a public key. The first always stays on your computer and the other one can be shared through the Internet.
First (on your local computer), generate the keys using the ssh-keygen command.

ssh-keygen

You will be asked to choose a name; find one that will clearly denote the remote server. A bare name is saved in the current directory, so give the full path (for example ~/.ssh/name) if you want the key to live in ~/.ssh. You can also choose a passphrase to be even more secure, but it is not required. Now the keys are generated: name (private key) and name.pub (public key).
Now do one thing that will spare you multiple headaches later when your key gallery grows. Edit or create a file at ~/.ssh/config and put 2 new lines there as follows.

Host 100.100.100.100
        IdentityFile ~/.ssh/name

This tells your ssh client which key to use when connecting to the given host. Otherwise it would try every possible key and in the end run into security errors. For every new host, you should add another pair of lines.
OK, so you have a key now, even two of them, but keys without a door are useless, remember? You can set up the door using the ssh-copy-id command. You run this command on your local computer.

ssh-copy-id -i ~/.ssh/name -o PubKeyAuthentication=no akmere@100.100.100.100

After -i you specify your identity (private key) file. -o PubKeyAuthentication=no is just another way of sparing yourself a headache later: it disables key authentication for this one command, so you log in with a password for now. After this command is executed, the door is ready to be opened regularly by your key pair! Now if you try to connect via ssh, you should no longer be asked for a password.
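
The ~/.ssh/config step above, as an added shell example that is not part of the original post: it appends the Host/IdentityFile pair once per host and checks the file permissions the OpenSSH client insists on. The function names host_key, key_is_private and add_host_key are made up for this illustration.

```sh
# Added example, not from the original post; function names are hypothetical.

# host_key HOST [CONFIG]: print the IdentityFile set for a literal "Host HOST"
# entry (wildcard patterns and "Key=value" syntax are not handled here).
host_key() {
    awk -v h="$1" '
        tolower($1) == "host" {
            hit = 0
            # ($i "") forces a string comparison, never a numeric one
            for (i = 2; i <= NF; i++) if (($i "") == (h "")) hit = 1
            next
        }
        hit && tolower($1) == "identityfile" { print $2; exit }
    ' "${2:-$HOME/.ssh/config}" 2>/dev/null
}

# key_is_private FILE: succeed only if group and others have no access;
# the OpenSSH client ignores a private key with looser permissions.
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# add_host_key HOST KEYFILE [CONFIG]: append the two-line block from the post,
# once per host, and keep the config readable by its owner only.
add_host_key() {
    host=$1 key=$2 cfg=${3:-"$HOME/.ssh/config"}
    dir=$(dirname "$cfg")
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 1
    touch "$cfg" && chmod 600 "$cfg" || return 1
    if [ -n "$(host_key "$host" "$cfg")" ]; then
        return 0    # already configured: do not add a duplicate block
    fi
    printf 'Host %s\n        IdentityFile %s\n' "$host" "$key" >> "$cfg"
}
```

After sourcing the file, `add_host_key 100.100.100.100 '~/.ssh/name'` writes the entry and `key_is_private ~/.ssh/name` confirms that the private key is not readable by other users.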

Additional setup

ssh akmere@100.100.100.100

Quite nice. But what would be even nicer? Not copying this stupid IP address every fricking time... If you use the bash shell on your local system, which should be the default, edit your ~/.bashrc file and put an alias for connecting to your remote server somewhere in it.

alias remote='ssh akmere@100.100.100.100'

Now if you close and open the terminal again, you will be able to just write remote and be connected to your server right away! The ~/.bashrc file is executed every time you open a terminal (if you use bash). If you use zsh, that file would be ~/.zshrc. You can also force its execution at any moment with

source ~/.bashrc