Settings for SSH connection from Windows to Ubuntu using public key authentication

Introduction

This article is for people who want to SSH from Windows to Ubuntu (a Debian-based OS) running on a VPS. We explain each step carefully so that even beginners can follow it.

Operation confirmed environment

Client OS: Windows 10 OS Build 19042.685
Server OS: Ubuntu 20.04.1 LTS

1. Add a general user

First, log in to your VPS website and open the console. Then log in to the server as the root user.

After logging in, first create a general user. Since the root user can execute every command without restriction, there is a risk of accidentally deleting files or overwriting settings. To avoid this, day-to-day work is normally done as a general user, which is safer.

1) Create a general user

$ useradd -m USER_NAME

To create a general user called hoge, it will be as follows.

example


$ useradd -m hoge

With the -m option, the user's home directory will be created with it.

2) Create a password for general users

Set a password to prevent someone from using the user without your permission. You will need this password to log in and to use the sudo command described below.

$ passwd USER_NAME

To create a password for the user hoge:

example


$ passwd hoge

You will be prompted to enter the password. Nothing is displayed while you type, but the input is being accepted; this is the intended behavior.

Enter the same password again and you're done.

3) Add to sudo group

General users do not normally have administrator privileges, so some commands cannot be used. Adding a general user to the sudo group grants administrator privileges, so that the user can run any command through sudo.

$ usermod -aG sudo USER_NAME

With the -aG option, the user will belong to a new group in addition to the group they already belong to.

To add the user hoge to the sudo group:

example


$ usermod -aG sudo hoge

Now that the general user settings are complete, switch from the root user to the general user.

$ su USER_NAME

To switch to the user hoge:

example


$ su hoge

2. Set up public key authentication

For those who want to know how public key authentication works, here is a brief explanation. First, a public key and a private key are created using RSA cryptography. The public key can be shown to anyone, so it is placed on the server. The private key must not be shown to a third party, so it is kept in a safe place on the device of the person who created it. Arranging the public key and private key in this way makes extremely secure communication possible.

1) Create public and private keys

Now, let's create the key. First, create a .ssh directory directly under your home directory so that you can see where the key is at a glance.

$ cd

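$ mkdir -m 700 .ssh

Running the cd command with no arguments takes you to your home directory. Create the directory as the general user, without sudo, so that the user owns it and can write the public key into it later; -m 700 restricts access to that user.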

Then open the command line on the client (in this case a Windows PC) and run the ssh-keygen command. If you press Enter without typing anything at the prompt Enter file in which to save the key:, a .ssh directory is created directly under your home directory, and the public and private keys are created inside it. Personally, I recommend putting the key in the default location (the .ssh directory directly under your home directory). The reason is that it saves time when creating the config file described later.

ssh-keygen -t rsa -b 4096

The -t option specifies the key type (here RSA), and the -b option specifies the key length in bits. For security reasons, specify a key length of 2048 bits or 4096 bits when using RSA.

2) Copy the public key to the server

This time the public key must be on the server. Therefore, run the scp command to copy the key to the server.

cd .ssh

scp id_rsa.pub USER_NAME@IP_ADDRESS:~/.ssh

If you did not specify a name when generating the two keys, the public key will be named id_rsa.pub and the private key will be named id_rsa. ~ represents your home directory. The public key is copied to the directory specified at the end.

If the server's global IP address is 160.251.22.228 and you want to pass the public key to a user named hoge:

example


cd .ssh

scp id_rsa.pub hoge@160.251.22.228:~/.ssh

3) Add the public key to the authorized_keys file

Return to the server console. At this point the public key cannot yet be used for SSH connections. To use it, you need to create an authorized_keys file directly under the .ssh directory and add your public key to that file.

$ cd .ssh

$ cat id_rsa.pub >> authorized_keys

4) Edit sshd_config and restart ssh

Edit the file sshd_config to make your SSH connection more secure.

$ cd /

$ sudo nano etc/ssh/sshd_config

Apologies to Vim users, but I haven't mastered Vim yet, so the example uses nano. For beginners, here is a brief explanation of how to use the nano editor. In nano, you move the cursor with the arrow keys. You save your edits with Ctrl + S and exit the editor with Ctrl + X.

First, look for the line that says Port. Remove the # at the beginning of the line and change the number 22 to a port number outside the well-known ports (0-1023), choosing a hard-to-guess number such as 3611. Then find the line that says PermitRootLogin and change yes to no. Next, look for the line that says PubkeyAuthentication, delete the # at the beginning, and make sure that PubkeyAuthentication is set to yes (if it is not, change it to yes).

Since we are using public key authentication this time, we will not make SSH connections with a password. Password login is disabled because you should not allow anything you don't need. Find the line that says PasswordAuthentication and change yes to no. This is the end of the edits to this file. Save the file, overwriting the original, and exit the editor.
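As an added example (not part of the original article), the following shell functions check an sshd_config for the four settings described above before ssh is restarted. The function names and the sample file are constructed for illustration; the check reads a single file and does not follow Include directives.

```shell
#!/bin/sh
# Added example, not from the original article. Reads one file only and does
# not follow Include directives.

# effective_value FILE KEYWORD DEFAULT
# sshd uses the first occurrence of a keyword, keywords are case-insensitive,
# and a line starting with # is a comment, so the built-in default applies.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: prints findings and returns how many there were.
audit_sshd_config() {
    n=0
    port=$(effective_value "$1" Port 22)
    case "$port" in
        ''|*[!0-9]*) echo "Port: '$port' is not a number"; n=$((n + 1)) ;;
        *) [ "$port" -gt 1023 ] || { echo "Port: $port is in 0-1023"; n=$((n + 1)); } ;;
    esac
    # Each rule: keyword, OpenSSH default, value the article asks for.
    for rule in "PermitRootLogin prohibit-password no" \
                "PubkeyAuthentication yes yes" \
                "PasswordAuthentication yes no"; do
        set -- "$1" $rule
        got=$(effective_value "$1" "$2" "$3")
        [ "$got" = "$4" ] || { echo "$2: effective value $got, expected $4"; n=$((n + 1)); }
    done
    return "$n"
}

# Constructed sample: a file before editing, with every line still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
#PubkeyAuthentication yes
#PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "$? finding(s) in the unedited sample"
rm -f "$sample"
```

On the server, call it as audit_sshd_config /etc/ssh/sshd_config; sudo sshd -t additionally checks the file for syntax errors. Keep the current console session open until the connection test in step 5 succeeds, since password login is disabled from the restart onward.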

Restart the ssh service for the changes to take effect.

$ sudo /etc/init.d/ssh restart

5) Test the SSH connection

Open the command line of the client (Windows PC in this case) and test the SSH connection.

ssh USER_NAME@IP_ADDRESS -p PORT_NUMBER

Use the port number described in sshd_config.

If the global IP address of the server is 160.251.22.228 and the user hoge logs in to port 3611, it will be as follows.

example


ssh hoge@160.251.22.228 -p 3611

If you can log in, the public key authentication settings are complete!

3. Make settings for easy SSH connection

The command is long as it stands, so connecting over SSH is a little tedious. In fact, there is an easier way to connect.

1) Create a config file

You can make an SSH connection with a shorter command by creating a config file in the .ssh directory directly under your home directory. Open the command line of the client (Windows PC in this case) and create a config file.

exit

cd

cd .ssh

type nul > config

notepad config

End the SSH connection with exit. Then create an empty config file with type nul > config. Run notepad config to launch Notepad and edit the config file. Write the following contents in Notepad.

host LOG_IN_NAME
    user USER_NAME
    hostname IP_ADDRESS
    port PORT_NUMBER

Then save the file and close Notepad. The config file also has an item called identityfile that specifies the path of the private key, but this item can be omitted. If you omit identityfile, the private key named id_rsa in ~/.ssh (the .ssh directory directly under your home directory) is used for the SSH connection. That's why I recommended creating the .ssh directory directly under your home directory. Even when identityfile is not required, you can still write it to state the private key path explicitly.

If you want to do that, it looks like this:

host LOG_IN_NAME
    user USER_NAME
    hostname IP_ADDRESS
    port PORT_NUMBER
    identityfile ~/.ssh/id_rsa

If the global IP address of the server is 160.251.22.228 and you want to log in to port 3611 with the command ssh hogehoge as the user hoge, it will be as follows.

example


host hogehoge
    user hoge
    hostname 160.251.22.228
    port 3611

2) Check if SSH connection is possible using config file

Let's check if the config file is set correctly. Try an SSH connection using the word after host in the config file.

ssh LOG_IN_NAME

If you write the word hogehoge after host, the command will be as follows.

example


ssh hogehoge

If you can log in, the configuration file settings are complete!
