Set up public key authentication on an Ubuntu server on a VPS (Sakura's VPS (Virtual Private Server)). Ubuntu version: 18.04.5
Work from a Mac PC terminal or a tool such as Tera Term.
$ ssh ubuntu@[IP address]
$ sudo adduser [User name]
$ sudo gpasswd -a [User name] sudo
Create a key pair, then store the private key on the local PC and the public key on the server.
$ mkdir ~/.ssh  # Create the folder on the server
$ ssh-keygen -t rsa  # Create the key pair locally (no passphrase)
$ ssh-copy-id -i ~/.ssh/id_rsa.pub [User name]@[IP address]  # Place the local public key on the server
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/xxxxxxxxxxx/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[User name]@[IP address]'"
and check to make sure that only the key(s) you wanted were added.
# Public key creation and placement completed
Check the public key on the server.
$ cat ~/.ssh/authorized_keys  # Run on the server
ssh-rsa ****** Public key information ******
Check the private key on your local PC.
$ cat ~/.ssh/id_rsa  # Run on the local PC
-----BEGIN OPENSSH PRIVATE KEY-----
****** Private key information ******
Set the permissions on the server so that only the owner can access the key files.
$ chmod 700 .ssh
$ chmod 600 .ssh/authorized_keys
Configure sshd so that password login is prohibited and only public key login as [User name] is allowed. This means editing the config file, so back it up first just in case.
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.old
$ sudo vi /etc/ssh/sshd_config
In vi, delete the comment marker '#' at the beginning of each item you want to enable, rewrite the setting value (yes, no, etc.) at the end, and save.
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers [User name]
$ sudo systemctl restart sshd  # Apply the settings. Keep the current session connected just in case
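The following is an added example, not part of the original page: a small shell audit that reports which of the five settings above are actually in effect in a config file, catching a '#' left in place or an earlier line that overrides the edited one. The function names (effective_value, check_sshd_config, write_samples), the sample files and the user name "alice" are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): audit sshd_config for the five
# settings above. sshd skips '#' lines, matches keywords case-insensitively and
# uses the FIRST value it finds, so a later "fix" can be silently ignored.

# effective_value FILE KEYWORD: print the first uncommented global value.
# Assumes "Keyword value" separated by whitespace.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # commented out: not in effect
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == tolower(key) {        # first occurrence wins
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# check_sshd_config FILE USER: return 0 only if every setting is explicit and
# correct. Strict on purpose: a line left commented out is reported.
check_sshd_config() {
    file=$1 user=$2 rc=0
    for pair in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no PermitEmptyPasswords=no \
                "AllowUsers=$user"; do
        key=${pair%%=*} want=${pair#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', got '${got:-<not set>}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files; "alice" is a hypothetical user name.
write_samples() {
    printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
        'PasswordAuthentication no' 'PermitEmptyPasswords no' \
        'AllowUsers alice' > "$1/good.conf"
    # Typical mistakes: '#' left in place, and an earlier line that wins.
    printf '%s\n' 'PasswordAuthentication yes' '#PermitRootLogin no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'PermitEmptyPasswords no' 'AllowUsers alice' > "$1/bad.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_sshd_config "$tmp/good.conf" alice && echo "good.conf: OK"
check_sshd_config "$tmp/bad.conf" alice || echo "bad.conf: fix the lines above"
rm -rf "$tmp"
```

On the server, point check_sshd_config at /etc/ssh/sshd_config with [User name] before restarting sshd; running sudo sshd -t as well checks the file for syntax errors.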
Make sure you can log in to the server with your private key without entering a password.
$ ssh [User name]@[IP address] -i ~/.ssh/id_rsa
Make sure you can no longer log in as the ubuntu user.
$ ssh ubuntu@[IP address]
Register the public keys of other members so that members other than yourself can log in to the server.
$ sudo vi ~/.ssh/authorized_keys
ssh-rsa AAAABBB……XXX==
ssh-rsa AAAACCC……XXX==
ssh-rsa AAAADDD……XXX==
# … Register multiple keys like this.
The end.