@TheUnrealZaka
Last active November 1, 2024 17:49

SSH Authentication Setup with ssh-ed25519 Key on Ubuntu Server (Windows Client)

This guide will walk you through setting up SSH key-based authentication using ssh-ed25519 on an Ubuntu server, accessed from a Windows client via PowerShell. It includes generating the key, configuring the client .ssh/config file, and securing the SSH daemon on the Ubuntu server.

Table of Contents

  1. Generate the SSH Key on Windows
  2. Copy the Public Key to the Ubuntu Server
  3. Configure SSH on the Ubuntu Server (/etc/ssh/sshd_config)
  4. Configure the SSH Client on Windows (.ssh/config)
  5. Test the SSH Connection

1. Generate the SSH Key on Windows

  1. Open PowerShell (or Windows Terminal).

  2. Generate the SSH Key: Run the following command to create an ssh-ed25519 key with a specified name.

    ssh-keygen -t ed25519 -f $HOME\.ssh\your_key_name
    • -t ed25519: Specifies the key type.
    • -f $HOME\.ssh\your_key_name: Specifies the filename. Replace your_key_name with your preferred name.
  3. Passphrase (Optional): You’ll be prompted to enter a passphrase. Press Enter if you prefer no passphrase. Without a passphrase, anyone who obtains the private key file can use it to log in.

  4. Locate Your Key: After the command completes, you should see two files:

    • your_key_name (private key)
    • your_key_name.pub (public key)

2. Copy the Public Key to the Ubuntu Server

  1. Copy the Key with scp: Run the following command in PowerShell, replacing username, server_ip, and your_key_name.pub as needed:

    scp $HOME\.ssh\your_key_name.pub username@server_ip:~/temp_key.pub
  2. Log Into the Server: Use the following command to log in (you may need to enter your password this first time):

    ssh username@server_ip
  3. Add the Key to authorized_keys:

    • Once logged in, make sure the .ssh directory exists and append the public key to the authorized_keys file on the server:

      mkdir -p ~/.ssh
      cat ~/temp_key.pub >> ~/.ssh/authorized_keys
    • Set permissions for the authorized_keys file:

      chmod 600 ~/.ssh/authorized_keys
    • Remove the temporary file:

      rm ~/temp_key.pub
  4. Verify Permissions: Make sure the .ssh directory and files are secure:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys

3. Configure SSH on the Ubuntu Server (/etc/ssh/sshd_config)

For added security, you can configure the SSH daemon (sshd) on your server.

  1. Open the SSH configuration file:

    sudo nano /etc/ssh/sshd_config
  2. Edit the Configuration:

    • Find and update the following settings (uncomment them if needed):

      # Disable password authentication to require key-based auth only
      PasswordAuthentication no
      
      # Allow only the specified key type for additional security
      # (OpenSSH 8.5+ names this option PubkeyAcceptedAlgorithms; the old name remains an alias)
      PubkeyAcceptedKeyTypes ssh-ed25519
      
      # Restrict to specific users, if desired
      AllowUsers username
      
  3. Save and Close: Press Ctrl + X, then Y, and Enter to save changes.

  4. Restart the SSH Service:

    sudo systemctl restart ssh
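
To confirm that the settings from this step are the ones sshd will actually apply, the following added example (not part of the original guide) checks the output of `sshd -T`, which prints the effective configuration. This matters on recent Ubuntu releases because the stock sshd_config includes /etc/ssh/sshd_config.d/*.conf and sshd uses the first value it reads for each keyword, so a drop-in file can override your edit. The function name `audit_sshd_effective` and the user argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit the *effective* sshd settings from step 3.
# Reads `sshd -T` output on stdin, prints one line per finding,
# and returns 1 if any setting differs from what the guide configures.
audit_sshd_effective() {
    local want_user failures key value pw algos users
    want_user="$1"; failures=0; pw=""; algos=""; users=""

    # `sshd -T` prints one "keyword value" pair per line, keywords in lowercase.
    while read -r key value; do
        case "$key" in
            passwordauthentication) pw="$value" ;;
            # OpenSSH 8.5+ reports the new keyword; older releases the old one.
            pubkeyacceptedalgorithms|pubkeyacceptedkeytypes) algos="$value" ;;
            allowusers) users="$users $value" ;;
        esac
    done

    if [ "$pw" != "no" ]; then
        echo "FAIL passwordauthentication is '${pw:-unset}', expected 'no'"
        failures=$((failures + 1))
    fi
    if [ "$algos" != "ssh-ed25519" ]; then
        echo "FAIL accepted public key algorithms are '${algos:-unset}'"
        failures=$((failures + 1))
    fi
    case " $users " in
        *" $want_user "*) ;;
        *)  echo "FAIL allowusers does not list '$want_user' (got:${users:- none})"
            failures=$((failures + 1)) ;;
    esac

    [ "$failures" -eq 0 ] && echo "OK effective sshd settings match step 3"
    return "$((failures > 0))"
}

# On the server (reads the config on disk, so it also works before the restart):
#   sudo sshd -T | audit_sshd_effective username
```

Keep your current SSH session open while you restart and test, so a mistake in sshd_config does not lock you out.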

4. Configure the SSH Client on Windows (.ssh/config)

This will configure the SSH client on Windows to use the generated key automatically.

  1. Open PowerShell and create/edit the SSH config file:

    notepad $HOME\.ssh\config
  2. Add the Server Configuration:

    Host your_server_alias
        HostName server_ip
        Port 22
        User username
        IdentityFile ~/.ssh/your_key_name
    
    • Host: Alias for your server. Replace your_server_alias with a name you’ll use to connect.
    • HostName: The IP address or domain of your server.
    • Port: SSH port (default is 22).
    • User: Your username on the server.
    • IdentityFile: Path to your private key.
  3. Save the File and close it.


5. Test the SSH Connection

Now, you can connect to your server using the alias configured in the .ssh/config file:

ssh your_server_alias

If everything is set up correctly, you should connect to your server without a password prompt.


This setup secures your SSH connection by enforcing key-based authentication on the server and client, reducing the risk of unauthorized access.
