How to Setup SSH Key Authentication to Linux

This how to consolidates several aspects of setting up SSH key access to a Linux server.

NOTE: We currently have two tutorials for this, that need to be consolidated into one. So, maybe this alternate tutorial fills your use-case: Ubuntu SSH Key Access

NOTE: If you are creating ssh keys for recent Ubuntu distributions, do not use RSA, as it is no longer an accepted key type (as of Ubuntu 21, I think). Use ecdsa instead.

SSH Server Setup

Follow this link to setup the SSH server on Ubuntu: Ubuntu: Setup SSH Server

Update SSH Config

The SSH service needs to be configured to disallow passwords, and to require SSH key authentication.
The following is list of actions to perform in the service configuration.

SSH Key File Name

NOTE: Not all ssh configuration files include the naming of the authorizedkeys file for users.
And, different flavors of Ubuntu and linux use different naming conventions for the SSH key file of a user.

So, we have to determine the file name for ssh key files, and make sure it is set in the config file, and we use the same name.

To find the ssh key file name, open the ssh config with the following:

sudo nano /etc/ssh/sshd_config

Locate the line in the config file with, AuthorizedKeysFile. Uncomment the line if necessary.

Make a note of the filename used. This will be needed when installing SSH keys.

Prevent Remote Root Login

This is also done in the ssh config file.

Locate the line with PermitRootLogin, and set it to no, like this:

Disable Password Authentication

This requires three changes in the ssh config file.

Locate the line with ChallengeResponseAuthentication, and set it to no, like this:

Locate the UsePAM line and set it to no, like this:

Locate the PasswordAuthentication line and set it to no, like this:

Disable interactive keyboard authentication by setting this:

KbdInteractiveAuthentication no

Save changes to the config file.

Restart SSH

With the changes made above, we need to restart the SSH service, with this:

sudo systemctl restart ssh

Linux Network Monitoring

Validating AD Machine Account

SSH Key Naming Convention

How to Get Host SSH Key Fingerprints

Creating SSH Keys in Windows

Authenticating to Linux Server with SSH Keys

Linux: Disabling Password Authentication

Adding SSH Keys with ssh-copy-id

Adding SSH Keys with CAT

Linux SSH Key Management

Ubuntu Host Setup

Ubuntu: Setup SSH Server

Ubuntu: Setup Static IP Address

Ubuntu: Set Hostname

Linux: Manually Installing SSH Keys

How to Setup SSH Key Authentication to Linux

SSRS: Export Reports Without WebPortal

SSRS Links

SSRS Server Pages

SSRS SSL Certificates

Adding a HSM Token to a VM

Code Signing Cert Setup

Generate Certificates with Hashicorp Vault

Hashicorp Vault Setup

Clustering HashiCorp Vault

HashiCorp Vault Cluster Unseal

Vault Wrapping Tokens

Vault Token Administration

Vault Single-Node Unseal

Vault Administrative Setup

Vault as Root CA

Vault as Intermediate CA

Handling Vault Node Restart

How to Setup SSH Key Authentication to Linux

SSH Server Setup

Update SSH Config

SSH Key File Name

Prevent Remote Root Login

Disable Password Authentication

Restart SSH

No Comments