> [name=Mr. Akashic] [time=Thu, Mar 18, 2021]
## Implementation
### Setting up SSH keys
On the local server, enter the following command in a terminal session and press Enter to generate the SSH public and private key files.
```bash=
ssh-keygen
```
You are then asked whether to save the SSH public and private key files in the default .ssh/ subdirectory; press Enter to accept.
```
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):
```
If key files from an earlier run already exist, you are asked whether to overwrite them. This example answers y and presses Enter.
```
/home/your_home/.ssh/id_rsa already exists.
Overwrite (y/n)?
```
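Next you are asked whether to set a passphrase that protects the private key; once set, it must be entered every time the private key is used. To skip the passphrase, press Enter twice.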
```
Enter passphrase (empty for no passphrase):
```
The SSH public and private key files have now been generated.
```
Your identification has been saved in C:\Users\Admin/.ssh/id_rsa.
Your public key has been saved in C:\Users\Admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hTlSxaTxIUPd/fXLfd30oG3lQbYygXuAEzB7rH2KdrY admin@DESKTOP-G3K63IF
The key's randomart image is:
+---[RSA 2048]----+
| +B**... |
| .+@o+...o.|
| ..=o+ o +.+|
| .+o . +.o=|
| .S. ..o+=B|
| . o . ooB|
| o + . .|
| . o . |
| E |
+----[SHA256]-----+
```
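### Sending the local server's SSH public key to the remote server
On the local server, enter the following command in a terminal session. It copies the contents of the local server's public key file (<span class="dark_orange">~/.ssh/id_rsa.pub</span>) into the <span class="dark_orange">authorized_keys</span> file under the <span class="dark_orange">~/.ssh</span> directory on the remote server.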
```bash=
ssh-copy-id username@remote_host
```
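Replace <span class="dark_orange">username</span> with the user name on the remote server and <span class="dark_orange">remote_host</span> with the remote server's IP address.
If the local server does not recognize the remote server, the following message appears; type <span class="dark_orange">yes</span> to connect.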
```
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/pi/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.101 (192.168.0.101)' can't be established.
ECDSA key fingerprint is SHA256:we31/z5MXDYHqih5+3sQlN1GT7JfV8gLQOl1DdKWhD8.
Are you sure you want to continue connecting (yes/no)?
```
Then enter the remote server's login password and press Enter.
```
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
pi@192.168.0.101's password:
```
The following message means the local server's SSH public key was sent to the remote server successfully.
```
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'pi@192.168.0.101'"
and check to make sure that only the key(s) you wanted were added.
```
### Logging in to the server over SSH
Enter the following command to log in to the remote server without typing a password.
```bash=
ssh username@remote_host
```
## Introduction
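SSH (Secure Shell) is a network protocol based on asymmetric cryptography, commonly used for managing servers and communicating between them. This article explains how to set up SSH keys and then use SSH to connect to a remote server.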

## FAQ
When the server's key changes so that it no longer matches the key recorded on the client, the following message appears.
```
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:YXs0MRUZjTZBEuT1d0K0yb1h0bZa9fi51aEVTeOh4lQ.
Please contact your system administrator.
Add correct host key in C:\\Users\\Admin/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\Admin/.ssh/known_hosts:4
ECDSA host key for 192.168.0.132 has changed and you have requested strict checking.
Host key verification failed.
```
Solution 1: Remove the offending key from the client (in this example, the key for 192.168.0.132), then log in again.
```bash=
ssh-keygen -R 192.168.0.132
```
Solution 2: Remove the client's entire known_hosts file (the record of host keys), then log in again.
```bash=
rm ~/.ssh/known_hosts
```
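
The warning above prints the SHA256 fingerprint of the key the host is now offering, so before removing the old entry that fingerprint can be compared with one read on the server itself (for example with `ssh-keygen -lf` on its host public key file). The Python below is an added example, not part of the original note: it parses a known_hosts or ssh-keyscan style line, recomputes the fingerprint and compares it with the trusted value. The function names are hypothetical and the key lines are constructed sample data, not real host keys.

```python
import base64
import hashlib
import hmac


def parse_key_line(line):
    """Split a known_hosts / ssh-keyscan line into (hosts, key_type, blob)."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        raise ValueError("not a key line")
    if fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts key-type base64-key")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject a mismatch.
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return hosts, key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint as ssh prints it: SHA256:<unpadded base64 of the digest>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line, trusted_fingerprint):
    """True only if the key on `line` hashes to the out-of-band fingerprint."""
    _, _, blob = parse_key_line(line)
    return hmac.compare_digest(sha256_fingerprint(blob), trusted_fingerprint.strip())


def make_sample_line(host, key_bytes):
    """Constructed ssh-ed25519 key line for the demo; not a real host key."""
    name = b"ssh-ed25519"
    blob = len(name).to_bytes(4, "big") + name + len(key_bytes).to_bytes(4, "big") + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


if __name__ == "__main__":
    old = make_sample_line("192.168.0.132", bytes(range(32)))
    new = make_sample_line("192.168.0.132", bytes(range(1, 33)))
    # Stand-in for the fingerprint read on the server itself.
    trusted = sha256_fingerprint(parse_key_line(new)[2])
    print("offered key matches:", host_key_matches(new, trusted))
    print("stale key matches:  ", host_key_matches(old, trusted))
```

If the comparison fails, the key offered by the host is not the one the server holds, and the old known_hosts entry should stay in place until the difference is explained.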
<style>
.dark_orange {
color: #FF8C00;
background:#F6F6F6;
border-radius:4px;
padding-right:6px;
padding-left:6px;
}
.sub_title {
font-size: 25px;
}
.blockquote {
background:#F6F6F6;
}
</style>
## Acknowledgements
1. [How to Set Up SSH Keys on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-20-04)
2. [如何使用 SSH 遠端連線?](https://www.maxlist.xyz/2020/03/14/%E5%A6%82%E4%BD%95%E4%BD%BF%E7%94%A8-ssh-%E9%81%A0%E7%AB%AF%E9%80%A3%E7%B7%9A%EF%BC%9F/)
3. [Linux 的 SSH 安全加密連線指令使用教學、設定檔配置範例](https://blog.gtwang.org/linux/ssh-command-tutorial-and-script-examples/)