Ubuntu – How To Login to VPS Using SSH/RSA Keys

keysopensshssh

I followed the instructions here and created a set of ssh keys (rsa) whilst logged into a vps as root. Encryption level 4096 as suggested…

The keys were already on the host so no need to transfer…

But the instructions fell apart at:

"You can make sure this worked by doing:"

ssh <username>@<host>

That's it, I don't understand what I need to do next. i.e. root@vpsIPaddress.

1 – Where do I do that?
2 – Can I use the same to login as a different user?

I cant get past this point as the instructions seem very unclear to me as to how I actually login using the keys instead of the password.

The lines below are in the sshd_config (but not sure what the ssh_config is for?)

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys
AuthorizedKeysFile /etc/ssh/rootuser/authorized_keys

In the home/ubuntu/.ssh directory there is an authorized_keys file too.

Hope that is enough info.

Best Answer

I don't quite understand what you mean by 'the keys were on the host, so no need to transfer', but think it might be due to you creating the keys on the VPS, rather than the client machine (your desktop). This is the wrong way up, which is a really common mistake when you're getting used to this system.

The keys are supposed to be created on the client, on a per-user basis, the default location for an Ubuntu client is the /home/username/.ssh/ directory. The private key which shouldn't be shared, is called id_rsa by default, the public key is called id_rsa.pub by default. If you're connecting from a windows client, I think the keys are in C:\Users\username\.ssh\.

You then share your public key with the (host) server, which puts the key in an authorised keys file. The command to do this is:

ssh-copy-id <username>@<host>

Where <username> is the username that you want to log in as on the VPS, and <host> is the IP address of the VPS. There are further things to add to this command if you have chosen a different name or location for your created ssh keys, or if your server uses a non-standard port for ssh.

This file holds keys which are allowed to be used to log on as that user, on that system, from your desktop machine, and any other machines that are authorised. The authorised keys file is normally also per-user, but on the host system. If it is a per-user file, it'll be found at /home/username/.ssh/authorized_keys.

Related Solutions

Ubuntu – Error `could not load host key` when trying to recreate SSH host keys

sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N 'myverylongpasswordhere' -b 4096 -t rsa
recreates me the keys. but, after restarting the server, i recieve
could not load host key: /etc/ssh/ssh_host_rsa_key

You create a hostkey with a password. Is there any customization to unlock that hostkey? If not, then I think that is what is to be expected: the script that manages the service starts up, tries to load the hostkey, and fails. As far as I know you shouldn't create hostkeys protected with passwords.

If you are interested in hardening your SSH server then I recommend reading https://stribika.github.io/2015/01/04/secure-secure-shell.html the command used to create the hostkey in that document is:

ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key

But you should read the entire document before making any changes.

Ubuntu – SSH Permission denied (using right password)

Instead of using the hostname of the server, try using the ip-adres.
I ran into the same problem when setting up my server and this seemed to resolve the problem.

ssh [username]@[host_ip-adres]

If you want to use the hostname you might need to set up a dns-server.
but you can do without.

Best Answer

Related Solutions

Ubuntu – Error `could not load host key` when trying to recreate SSH host keys

Ubuntu – SSH Permission denied (using right password)

Related Question