SSH (secure shell) is a more secure way of accessing remote Linux systems. While working with Linux based systems, one would spend a lot of time on the terminal. SSH give a more secure way of executing commands on remote Linux systems from the terminal as compared to using user-password authentication since it is encrypted and therefore is highly recommended for all users.
How do ssh keys work?
An ssh session is a client-server model, whereby the remote computer runs a service called ssh while local also runs ssh client. SSH listens on default port 22 and has to be enabled on the remote server. The default port can, however, be changed to enhance security. Once an ssh connection is established, the commands typed on the local computer are sent and executed on the remote computer over an encrypted SSH tunnel.
How SSH authenticate users
Most people generally use user-password authentication to access remote servers but it is not recommended as it is less secure. Hackers are always on the hunt to crack passwords and get access to people’s systems. With SSH keys, it makes it more difficult for a hacker to decrypt SSH keys. In order to access a server with ssh keys, one must generate the encrypted key combination and copy the public key to the remote computer.
This is copied in the list of authorized keys in ~/.ssh/authorized-keys. Note that the public key can be shared freely but the private key must be kept secured and never to be exposed to anyone. In this guide, we will be looking at how to set up ssh keys on Linux Mint 22.
Generate SSH keys
The first thing to do to authenticate to a remote computer is to generate ssh key pair on your local computer. Open the terminal and run the command below:
ssh-keygenOnce you press Enter the system will begin to generate ssh key pair. By default, ssh-keygen will generate a 2048-bit RSA key pair which is secure enough but you can always pass a flag -b 4096 to generate a 4096-bit key. You will be prompted to enter a file to save the key.
generating public/private rsa key pair.
Enter a file in which to save the key (your_home/.ssh/id_rsa):Press Enter to save in the default location with the default key names. If you had previously generated a key pair, you might see the below prompt:
/home/your-home/.ssh/id_rsa already exists.
Overwrite (y/n)? yIf you choose to overwrite, you will lose the previous key and you will not be able to authenticate with it. If you want to keep the previous key, you can specify a different name for the new key.
Next, you will be prompted to enter a passphrase.
Enter passphrase (empty for no passphrase):Here, you will optionally choose to use a passphrase but it is recommended as it adds another layer of security to your ssh key authentication. Ensure to keep to passphrase secure and always remember it. Type your passphrase and press Enter. You will be prompted to enter the passphrase again. Type the passphrase again and press Enter.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/cloudspinx/.ssh/id_rsa.
Your public key has been saved in /home/cloudspinx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:l7jO9w52yi3tDRmAA/yJExIoYyfS5B+uE54hENf/I/8 cloudspinx@Linux-Mint
The key's randomart image is:
+---[RSA 3072]----+
|.ooo.o. |
|+*o.o o. . |
|+o+ .o +o.. |
|. o .+ oo o |
|. o o oS o . |
| o = . oo o |
| = o..o.+ |
| . o.oo=.o |
| ooE== . |
+----[SHA256]-----+You have successfully generated your ssh key pair. You can view your keys by changing to the directory where the key pair is saved and listing its content.
cd /home/$USER/.ssh/
lsSample Output:
id_rsa id_rsa.pub known_hostsCopy public key to the remote server with ssh-copy-id
Linux provides a utility called ssh-copy-id that makes it quite simple and fast to copy the public key to the remote computer’s list of authorized keys. Run the command as shown below:
ssh-copy-id username@remote-user-IPOnce you press Enter, you will be prompted to enter remote server password. Upon entering the password and pressing enter, your public key will be copied to your remote server. You will see an output as below.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.Copy public key to the remote server without using ssh-copy-id
You can also use the command below to copy your public key to the remote server authorized keys without necessarily using ssh-copy-id utility.
cat ~/.ssh/id_rsa.pub | ssh username@remote-host-IP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"You will be prompted for the remote computer access password which upon entering and pressing Enter, your public key will be copied.
Copy and paste the public key to the remote server
You can also manually copy the public key, access the remote server with username and password authentication and paste to the authorized keys file in the remote computer.
On your local machine, display the content of your public key using cat command:
cat ~/.ssh/id_rsa.pubCopy the content. On your remote server create a directory ~/.ssh/authorized_keys:
mkdir ~/.ssh/authorized_keys
vim ~/.ssh/authorized_keysPaste the content of the public key and save the file.
At this time, you have successfully copied your public key to the remote computer. Test connection as below:
ssh user@remote-computer-IPSample Output:
Enter passphrase for key '/cloudspinx/.ssh/id_rsa':
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.11.0-21-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
10 additional security updates can be applied with ESM Apps.
Learn more about enabling ESM Apps service at https://ubuntu.com/esmAdd ssh keys to ssh agent: ssh-agent and ssh-add commands
What is ssh-agent? Ssh-agent is used for managing ssh keys. For example, if you have a passphrase and you do not want to type it every time you use SSH keys, then you can add you key to ssh agent.
First start ssh-agent in the background by running the below command:
eval “$(ssh-agent -s)”Sample Output:
Agent pid 24344Now add your private key to ssh-agent:
ssh-add ~/.ssh/id_rsaYou will be prompted to enter your passphrase. The next time to access the remote server, ssh-agent will remember your key and passphrase and you will not be prompted for anything.
How to copy files over SSH with scp
Once you have a working ssh session between a local computer and a remote computer, you can transfer files between the two by using scp command.
Copy files from local to remote over ssh
On your local machine, run the following command to copy files from your local machine to your remote computer:
scp <path-to-local-file> user@remote-IP:<path-on-remote>Since you already have the public key in the remote computer, the file should copy without a problem.
Copy files from remote to local over ssh
On your local computer, run the below command to copy from remote computer to your local computer.
scp user@remote:<file-to-send> <file-to-put-on-local>If it is a folder you are copying add a -r as shown
scp -r user@remote:<file-to-send> <file-to-put-on-local>Install openssh-server on Linux Mint 22
To be able to use SSH for remote connection, the remote server must have ssh service running while local computer runs ssh client. To enable ssh on the remote server, install openssh-server if ssh service does not already exist. To install openssh-server on Linux Mint 22, run the below commands:
sudo apt update && sudo apt install openssh-serverSSH service should automatically start once install. Check status using the below command:
sudo systemctl status sshSample Output:
Enable ssh to always start on system boot:
sudo systemctl enable sshNow allow ssh service through the firewall.
sudo ufw allow ssh
sudo ufw enableChange SSH default port
SSH service listens on default port 22. For security purposes, it is recommended to change it. Open ssh configuration file and make the changes as shown:
sudo vim /etc/ssh/sshd_configLook out for the line port=22 and put a different port number of your choice. Save the file and restart ssh service.
sudo systemctl restart sshOpen the new port on the firewall:
sudo ufw allow 2022/tcpTo access the remote server, you will need to specify the port number on your command as shown:
ssh user@remote-IP -p 2022This has been a step by step guide on how to use SSH keys authentication on Linux Mint. Enjoy!
Recommended Linux Books to read:
- Best Linux Books for Beginners & Experts
- Best Linux Kernel Programming Books
- Best Linux Bash Scripting Books
- Top RHCSA / RHCE Certification Study Books
- Best Top Rated CompTIA A+ Certification Books
- Best LPIC-1 and LPIC-2 certification study books
Some more articles from us:
