As we recently changed to Ubuntu Mate 15.10 on one of our laptops, we had to set up a new SSH config, as PuTTY isn’t the best way to use SSH on Linux from our point of view. Writing out the address every time you access a server can be tedious. And if you’re in the same situation as we are, with different servers and different passwords and keys to remember, then configuring SSH with aliases is the proper way to go. It’s a much more elegant solution than having to remember everything all the time.
To accomplish this we have to set up a config file in the .ssh directory of your user (/home/testuser/.ssh), store the keys in some directory, and finally put it all together. In this guide we will use “testuser” as the user and set up server1 and server2.
1. Install SSH
$~: sudo apt-get update && sudo apt-get install openssh-server
2. Generate a new, stronger key
$~: cd /home/testuser
$~: sudo ssh-keygen -t ed25519
Ed25519 keys have a fixed length, so ssh-keygen ignores any -b value and the option is left out here.
Save the key to /home/testuser/.ssh/id_rsa
If it asks you to overwrite an existing key, answer “yes”. Save the key with or without a passphrase; we prefer without, because a 4096 bit key is strong as it is, and as we do daily backups we can’t use a passphrase. But this is totally up to you, depending on what you prefer.
Enter passphrase (empty for no passphrase): [PRESS ENTER]
Enter same passphrase again: [PRESS ENTER]
3. Create the keys dir
$~: sudo mkdir /home/testuser/.ssh/keys
In our setup we have one folder for each server, but you could just store all the keys in one folder; it makes no difference.
4. Generate new keys for each server you want to connect to
Same thing here – no passphrase.
Enter passphrase (empty for no passphrase): [PRESS ENTER]
Enter same passphrase again: [PRESS ENTER]
Server 1
$~: sudo ssh-keygen -t ed25519 -C "server1"
Change the location of where the key is saved
Enter file in which to save the key (/Users/you/.ssh/id_rsa): /home/testuser/.ssh/keys/server1
Server 2
$~: sudo ssh-keygen -t ed25519 -C "server2"
Change the location of where the key is saved
Enter file in which to save the key (/Users/you/.ssh/id_rsa): /home/testuser/.ssh/keys/server2
5. Check that the keys were generated
$~: ll /home/testuser/.ssh/keys
If everything went fine, you should have 2 sets of keys in your keys dir
-rw------- 1 root root 3243 okt 15 18:27 server1
-rw------- 1 root root 734 okt 15 18:27 server1.pub
-rw------- 1 root root 3243 okt 15 18:28 server2
-rw------- 1 root root 734 okt 15 18:28 server2.pub
6. Create a config file for the SSH hosts
$~: sudo nano /home/testuser/.ssh/config
7. Edit the config file
The keywords used in the file mean the following:
# Name
Host = The name you use as alias
Hostname = The host you connect to
User = User on remote server
IdentityFile = Where you store your keys on the local machine

The file itself then looks like this:
# server1
Host server1
    Hostname 192.168.1.113
    User user1
    IdentityFile /home/testuser/.ssh/keys/server1

# server2
Host server2
    Hostname server2.example.com
    User user2
    IdentityFile /home/testuser/.ssh/keys/server2
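8. Change ownership and permissions of the keys dir
The files above were created with sudo and therefore belong to root, so hand them back to testuser first. The directories need mode 700 (a directory without the execute bit cannot be entered) and the key files mode 600.
$~: sudo chown -R testuser: /home/testuser/.ssh
$~: sudo chmod 700 /home/testuser/.ssh /home/testuser/.ssh/keys && sudo chmod 600 /home/testuser/.ssh/keys/*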
9. Connect to the remote server
Now you’re all set to connect to the remote server, but as we have done the setup with keys, there are a few more things we have to configure on the remote server. For now, at least the aliases should work. To log in, simply type
$~: ssh server1
As the keys won’t be accepted by the remote server yet, you will have to type your password the first time. Once you’ve checked that it works, we have to copy the public key from the local server to the remote server. You could use ssh-copy-id, but we prefer to do it manually.
10. Exit the remote server
$~: exit
11. Copy the SSH public key from your local server
$~: cat /home/testuser/.ssh/keys/server1.pub
Depending on whether you’re using PuTTY or not, there are different ways of copying. In PuTTY you just mark the text. In my system CTRL+C works.
The key looks like this
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmDrYM9SAbIxJTh06CUpdVZrVRct8H3FbuGlM8NlPAUxG6Dof/fVmwjBI0cuE++ehDdqa1qH6lyKdzBN6IjtSSUAQ9bphyBAfdTOritXdakjvwyvquwyqgpuwblcyrgoqrbvliwcwicuwiufbiOhP8USN2p9kRg22KH+F2G18AmcrW7cVbJj4f88S8DVXh0gC0zW2aPTYfKLWppmkY2fw8KnuIOUpVHwAkv+J5eaN4IsvCfTe/+H1CJFQdu70fX6F2wKo/4ziN3xCBlwpqNDiH6wKhbzd4sw== testuser
12. Connect to your remote server
$~: ssh server1
13. Go to server1 authorized_keys
Depending on your SSH setup the directory could be different. The easiest is to store them in root, and then the folder path would be like this:
$~: vi /user-on-server1/.ssh/authorized_keys
Paste the content from step 11 into server1’s authorized_keys. To insert, press [SHIFT+i]
Save vi with
:wq!
14. Exit the remote server and test your new config
$~: exit
15. Test SSH in to server1 from the local server with
$~: ssh server1
If this works without having to enter a password, you can go ahead with the next step. If it doesn’t work, fix the issue first: the next step will lock you out of your system if the key is wrong.
16. Edit the sshd_config on server1
$~: vi /etc/ssh/sshd_config
Don’t allow passwords; look for this row.
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
This disallows logging in with a password, so the server only accepts keys, for better security. Once the file is saved, the SSH service on server1 has to be restarted or reloaded before the new setting applies.
17. Save and exit
Repeat steps 9 – 17 for server 2.
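
The manual copy into authorized_keys described above can also be scripted so that the directory and file modes come out right and a key is never added twice. This is an added example, not part of the original guide; the function name install_pubkey, the scratch paths and the key string are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original guide): install one public key into
# authorized_keys with the modes sshd expects. Paths and key are constructed.

# install_pubkey PUBKEY_FILE HOME_DIR
# Returns 0 when the key is present afterwards, 1 if PUBKEY_FILE is not a
# single public-key line (for example a private key pasted by mistake).
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Exactly one non-empty line: "<key type> <base64 blob> [comment]".
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || return 1
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" || return 1

    # sshd's default StrictModes rejects group/world-writable key locations.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is missing (-x whole line, -F literal).
    key=$(grep . "$pubkey_file")
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory standing in for the remote user's home.
demo=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedEXAMPLEkeyNOTrealDATA0000000000 server1\n' \
    > "$demo/server1.pub"
install_pubkey "$demo/server1.pub" "$demo/home"   # first run adds the key
install_pubkey "$demo/server1.pub" "$demo/home"   # second run changes nothing
ls -l "$demo/home/.ssh"
```
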
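
Before relying on the PasswordAuthentication change above, it helps to check which value sshd will actually use: a commented-out row has no effect, the first uncommented occurrence of a keyword wins, and a Match block can turn passwords back on for some users. The following is an added example, not part of the original guide; the function name audit_password_auth and the sample file are constructed.

```shell
#!/bin/bash
# Added example (not from the original guide): report the PasswordAuthentication
# value an sshd_config file really yields. The sample file is constructed.

# audit_password_auth FILE
# Prints "global=<value> match_override=<yes|no>" and returns 0 only when
# passwords are off globally and no Match block switches them back on.
audit_password_auth() {
    awk '
        BEGIN { global = "yes"; seen = 0; in_match = 0; override = 0 }  # sshd default: yes
        {
            sub(/^[ \t]+/, "")                       # leading whitespace is allowed
            if ($0 == "" || $0 ~ /^#/) next          # blank lines and comments
            split($0, f, /[ \t=]+/)                  # "Keyword value" or "Keyword=value"
            key = tolower(f[1]); val = tolower(f[2]) # keywords are case-insensitive
            if (key == "match") { in_match = 1; next }
            if (key != "passwordauthentication") next
            if (in_match) { if (val == "yes") override = 1 }
            else if (!seen) { global = val; seen = 1 }   # first occurrence wins
        }
        END {
            print "global=" global " match_override=" (override ? "yes" : "no")
            exit !(global == "no" && !override)
        }' "$1"
}

# Constructed sample: the edit was added below an existing "yes", so it is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_password_auth "$sample" || echo "password logins are still possible"
```

On the server itself, running `sshd -T` as root prints the effective configuration, including files pulled in by Include, which this function does not follow.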