In the previous notes, we have successfully completed the server installation and virtual network configuration. In this article, we will configure SSH remote login for the server to further simulate our interaction with the server in a real development environment.

Introduction to SSH

Before starting the configuration, let’s take a brief look at SSH. SSH is a protocol that provides remote login in a secure way and is currently the preferred way to remotely manage Linux systems.

SSH can be roughly regarded as a Client/Server (C/S) structure. To use SSH to manage remote servers, you need to deploy openssh-server on the remote server and configure openssh-client on the local machine.

Let’s deploy the SSH service step by step 🙂

The server side

Check whether openssh-server is installed on the server: service sshd status

As you can see, openssh-server has been installed on my server and starts automatically at boot.

If you don’t have openssh-server installed on your server, you can install it with sudo apt install openssh-server, then enable and start the service with sudo systemctl enable --now sshd

At this point, the SSH service on the server is available.

The client

Password login

First, check whether openssh-client is installed on the local Windows PC:

  1. Go to Settings and choose Apps.

  2. Select “Optional Features”

  3. As you can see, I have OpenSSH Client installed on my machine

  4. If you don’t already have it on your machine, click “Add Features” to search for it

  5. Open PowerShell and try ssh <server username>@<server IP> (username and IP have been configured in the last two notes)

  6. After entering the password, you are logged in to the server from the local PC

Key login

If you only use one server for basic applications and use strong passwords, password login is actually sufficient.

But in the real world, we might have multiple servers, and administrators would automate operations through scripts. If you had to enter a password for each server, the whole process would be inefficient.

In this case, you can use an SSH key to log in.

Introduction

Before starting the configuration, let’s introduce SSH key login briefly:

  1. The client uses an asymmetric encryption algorithm to generate a key pair consisting of a private key (key) and a public key (key.pub); the public key and private key correspond one-to-one
  2. The private key file is stored on the client side and the public key file is placed on the server side
  3. After the client initiates an SSH connection request, it proves its identity using the private key
  4. After receiving the request from the client, the server checks whether the corresponding public key exists. If yes, the server allows the login. If no, the server denies the login

Configuration

Next, we configure openssh-client in the Ubuntu Desktop environment and use the key to log in

  1. First, confirm whether openssh-client has been installed: apt list --installed | grep -ne ssh

    As you can see, I have openssh-client installed on my machine. If it is not installed, Linux distributions that use APT for package management can install it with sudo apt install openssh-client

  2. Generate a key pair: ssh-keygen -t <encryption algorithm> -b <key length> -f <path and name of the key pair> -C "<key pair comment>"

    • The common key types and recommended lengths are as follows:

      Key type   Suggested length   Characteristics
      ecdsa      521                Recommended key type with good compatibility
      rsa        2048               Best compatibility, but its security is gradually decreasing
      dsa        1024               No longer recommended in its original form
    • In some SSH key login tutorials I have seen, you are instructed to press Enter twice in a row when creating the key. This leaves the key file password blank, that is, openssh-client can read the key file directly without a password being entered to unlock it. In practice, however, it is recommended that a key used for user login be protected with a password, while a key used for automated script login is left without one (but its permissions need to be limited on the server).

    • After the key is successfully generated, the key files <key name> and <key name>.pub can be found in the corresponding path; they are the private key and the public key respectively

  3. Add the private key that represents the client's identity to the local ssh-agent for unified management: ssh-add <private key>

    After the key has been added, we only need to enter the password once, when ssh-agent reads the key file, instead of entering it each time we log in using the key

    Update: Note that adding a key with ssh-add is a one-time operation: after the system restarts, ssh-agent does not remember the added key. The reason ssh-agent appears to add the previous key automatically (run ssh-add -l to check which keys ssh-agent currently holds) is that ssh-agent automatically reads the key files in the ~/.ssh directory when it starts. This path is also the default path for creating keys, which gives the impression that ssh-agent remembers a key after it has been added through ssh-add.

    • The key is placed in the default path ~/.ssh (you can see that the key is read automatically)

    • The key is placed in the custom path ~/.ssh/test_dir (you can see that the key is not read)

    You can add AddKeysToAgent yes to the client configuration file ~/.ssh/config so that a password-protected key is added to ssh-agent automatically once it has been unlocked. In this way, you only need to unlock the key file once after each startup, instead of entering the password each time a connection is established. (Of course, you need to unlock it again after a restart.)

  4. Transfer the public key used to authenticate the client to the server: ssh-copy-id -i <public key> <server username>@<server IP address>

  5. Log in to the server using a key
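
The note in step 2 says that a key without a password, used by scripts, should have its permissions limited on the server. One way to do that, shown as an added example that is not part of the original article, is to give the key's authorized_keys line the OpenSSH options restrict, from= and command=. The source address, command path and sample key below are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): server-side restrictions for
# a passphrase-less automation key. Network and command below are hypothetical.

# restricted_entry <public-key-line> <allowed-source> <forced-command>
# Prints one authorized_keys line; returns 1 unless the input is a bare,
# single-line public key (so a private key or multi-line paste is refused).
restricted_entry() {
    pub=$1; src=$2; cmd=$3
    nl='
'
    case "$pub$src$cmd" in
        *"$nl"*|*'"'*) echo "newline or double quote in input" >&2; return 1 ;;
    esac
    set -f; set -- $pub; set +f            # split into type, blob, comment
    case $1 in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unknown key type: not a public key line" >&2; return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9+/=]*) echo "key blob is not base64" >&2; return 1 ;;
        AAAA*) ;;                          # every SSH key blob starts this way
        *) echo "key blob missing" >&2; return 1 ;;
    esac
    ktype=$1; blob=$2; shift 2; comment=$*
    # restrict: no pty, no port/agent/X11 forwarding, no ~/.ssh/rc;
    # from= and command= then pin the source host and the one allowed command.
    printf 'restrict,from="%s",command="%s" %s %s%s\n' \
        "$src" "$cmd" "$ktype" "$blob" "${comment:+ $comment}"
}

# install_entry <public-key-line> <allowed-source> <forced-command> <file>
# Appends the restricted entry unless that key blob is already listed, and
# keeps the authorized_keys file readable by its owner only.
install_entry() {
    entry=$(restricted_entry "$1" "$2" "$3") || return 1
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    file=$4
    [ -e "$file" ] || ( umask 077; : > "$file" )
    grep -qF -- "$blob" "$file" || printf '%s\n' "$entry" >> "$file"
    chmod 600 "$file"
}

# Constructed sample key (not a real key) for a stand-alone run.
SAMPLE_PUB='ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEConstructedSampleOnly backup@ci'
restricted_entry "$SAMPLE_PUB" '192.0.2.10' '/usr/local/bin/backup.sh'
```

For the automation key, run install_entry on the server against ~/.ssh/authorized_keys instead of using ssh-copy-id, because ssh-copy-id installs the key without any options.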

Conclusion

In this note, we gave a brief introduction to SSH and implemented password login and key login step by step. From now on, our interactions with the server are more “regular.”

However, the server is the foundation on which applications run, so security is the top priority. SSH login security is a very important part of server security.

In the next note, we will take a brief look at SSH security configuration to make our server a little more “robust” 🙂