SSH – Adding Public Key Authentication for Ubuntu 16.04 LTS

  1. Check if the public key already exists on your local machine.
    $ locate id_rsa

    If it does, go to the step that copies the public key to your destination machine.

  2. If the public key doesn’t already exist, execute
    $ ssh-keygen

    For my purposes, I hit -enter- then -enter- again. It shows a pretty picture. Now we’ve got public and private keys.

  3. Now, it is time to deploy the public key to the destination servers of interest.
    $ ssh-copy-id userX@server1_ip
    $ ssh-copy-id userY@server2_ip

    If your ssh-copy-id does not work (like my Mac), then you have to manually cut and paste the contents of the local ~/.ssh/id_rsa.pub to the destination’s ~/.ssh/authorized_keys.

  4. Then, restrict access for all the authorized_keys files on all your servers.
    $ chmod 600 ~/.ssh/authorized_keys

    Tip: On one of my machines the owner of the authorized_keys was root and because of that, the public key authentication didn’t work and I was entering passwords. Had to chown it to the desired user. This link pointed me in the right direction.

  5. Further lock things down by disabling password authentication on your destination ssh server.
    $ sudo nano /etc/ssh/sshd_config

    and then make sure this line exists

    PasswordAuthentication no

    To lock down at certain times of the day, check this out.

  6. If you are a home internet user, it is likely that your IP address may change. Luckily, there are services around that let you publish your IP address to a known server. These services are called dynamic DNS hosting. For my purposes I went with Duck DNS. It is simple to sign up with and they provide detailed instructions under their “install” tab.
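
A check for steps 4 and 5, added here as an example and not part of the original post: it verifies the owner and mode of an authorized_keys file (the failure described in the tip) and reports which PasswordAuthentication value in an sshd_config file actually applies. The function names are hypothetical, the sample config is constructed, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat, as on Ubuntu.

# Step 4 and the tip: the file must belong to the login user and be mode 600.
# A file owned by another account (root in the tip) with mode 600 cannot be
# read on behalf of the login user, so key authentication fails.
check_authorized_keys() {
    ak_file=$1
    ak_uid=${2:-$(id -u)}          # expected owner uid, defaults to current user
    [ -f "$ak_file" ] || { echo "missing: $ak_file"; return 1; }
    set -- $(stat -c '%u %a' "$ak_file")
    ak_rc=0
    [ "$1" = "$ak_uid" ] || { echo "owner uid $1, expected $ak_uid"; ak_rc=1; }
    [ "$2" = "600" ]     || { echo "mode $2, expected 600"; ak_rc=1; }
    return $ak_rc
}

# Step 5: sshd uses the first value it finds for a keyword, so a
# "PasswordAuthentication no" appended below an earlier "yes" has no effect.
# Prints the global value; stops at the first Match block; default is yes.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        { gsub(/=/, " ") }                  # accept "Keyword=value" too
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print $2; found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Demo on a constructed config: the later "no" is shadowed by the earlier "yes".
demo_cfg=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' \
    'UsePAM yes' 'PasswordAuthentication no' > "$demo_cfg"
echo "effective PasswordAuthentication: $(effective_password_auth "$demo_cfg")"
rm -f "$demo_cfg"
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd resolves from its configuration; an edit to sshd_config takes effect once sshd reloads it.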

Steps condensed from this reference.