2

I installed Ubuntu Server (22.04) on an empty server and I am accessing it on my own computer through MobaXterm. For one of the applications I want to install on the server I need an SSH key. Since I am quite new to anything computer related, I was wondering if I need to generate the SSH key on the Ubuntu Server, on my own computer on which I am accessing the server through MobaXterm, or if I need to generate an SSH key on both the server and my computer.

Edit: The user I use on the server (the default "ubuntu" user as set with installing Ubuntu) is the same user I use on my own computer when connected to the server through MobaXterm. Does this influence anything regarding generating an SSH key or is this normally the case?

(Any explanation would also be greatly appreciated!) Thanks in advance!

cbass
  • 25
  • 1
    Does this answer your question? How can I set up password-less SSH login? – Artur Meinild Oct 12 '22 at 09:37
  • @ArturMeinild Thank you for linking this question! Just like the answer below it explains the ssh-keygen command. I am, however, wondering if only the computer with which I am connecting to the server (through a remote desktop software) needs an SSH key, and if it works when the local and remote user are the same. If you would happen to know anything about this, any help is greatly appreciated! – cbass Oct 12 '22 at 09:52

1 Answers1

1

Assuming both local (your "client" PC) and remote (Ubuntu "server") computers are running some decent version of Linux or UNIX (or Cygwin), the standard procedure is:

On the client (local user at local computer) run:

$ ssh-keygen

Append the contents of the file ~/.ssh/id_rsa.pub created on the client to the end of the file ~/.ssh/authorized_keys on the remote user at the remote server.

Create the remote folder ~/.ssh and the file, if it does not exist. Run also the following on the remote user at the remote server:

$ chmod 600 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh

The above procedure will create a passwordless ssh, scp, sftp, etc. access from the local user & computer to the remote user & computer. It should be repeated for each local user & computer to remote user & computer combination.

Note that the id and name of the local user is not related to the id and name of the remote user. They can be anything, however the ssh command defaults to the same user name at the remote computer if only the remote computer is specified (e.g. ssh remote_computer). If they are different, then the remote user name should be specified at the command line as well (e.g. ssh remote_user@remote_computer).

The files created by ssh-keygen on the local user's home directory at the local computer are these:

File Location and Name Permissions Usage
~/.ssh/id_rsa 0600/-rw------- Contains your private key. Nobody should have access to this file except your user.
~/.ssh/id_rsa.pub 0644/-rw-r--r-- Contains your public key. Can be freely appended to ~/.ssh/authorized_keys file(s) on other computers that your local user needs to access.

The file at the remote user should be like this:

File Location and Name Permissions Usage
~/.ssh/authorized_keys 0600/-rw------- Contains all the public keys that will allow clients to be connected to this user from other computers.

For more information, see man ssh and man sshd.

FedKad
  • 10,515
  • Thanks for your quick answer! Since I am quite new to anything computer related, I have a few questions just to make sure I am having the right idea. Is the local computer my own PC and the remote server the Ubuntu server? Also, I am using the same account on both the Ubuntu Server and my computer, which is the user created when setting up the Ubuntu Server, does this matter or is this normally the case? Thank you so much for your help! – cbass Oct 12 '22 at 09:40
  • I updated the answer. Please try it and upvote or accept it if it fits your needs. – FedKad Oct 12 '22 at 10:03
  • 1
    Thank you so much for all your help! (I sadly cant upvote the answer since I have to little reputation points to cast a vote but really appreciate the help) – cbass Oct 12 '22 at 10:08