Yes I know this a Ubuntu forum.. First off all thanks for doing what you do and helping people!
Alright so I've been trying to setup SSH keys on my Ubuntu 20.04, read stuff about it online. So I generated keys on ubuntu with ssh-keygen -t rsa. Now I want only my Windows PC to connect to it (without enabling password obviously) through Windows Powershell.
So I copied my Public key file to my Windows pc and put it in C:\Users\Username\.ssh\ but somehow when connecting I receive the Error Permission denied (publickey) error.
So supposedly some "smart" people online all suggest adding this setting PasswordAuthentication yes to /etc/ssh/sshd_config but doesn't this defeat the purpose of using SSH Keys exclusively to connect to your server?
So if I would guess this has to be a directory permission issue, but I don't know what directories need what permissions on Ubuntu and Windows.
Been fiddling around with this for quite a while now, but trial and error takes so much time and I'm short on that, so if anyone could provide me with their hard earned experience that would be great.
Thanks in advance brothers! Keep the community rocking.
Grtz
Mex
11 Answer
Alright so as @muru said, do it likes this:
- Exec
ssh-keygen -t rsaon your remote (device connecting to server) and use passphrase - Find
id_rsa.pubfile inC:\Users\Username\.ssh\ - Upload it with ftp to your server (or upload to webserver and use wget)
- Save it in
~/.ssh - Make sure the file is called authorized_keys or it wont work
sudo cp id_rsa.pub authorized_keys - Remove the downloaded unused file
sudo rm id_rsa.pub - Disable password login
sudo nano /etc/ssh/sshd_config - Find or add the line
PasswordAuthentication no - Restart ssh service
sudo service sshd restart - Connect with Powershell
ssh - Optional parameters for the ssh command in powershell are a custom port
-p [port]and for debug info use-vvv - Some other optional settings for security I added to
/etc/ssh/sshd_configare:
Port [port]
Protocol 2
LogLevel VERBOSE
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
ClientAliveInterval 300
ClientAliveCountMax 0
AllowTcpForwarding no
X11Forwarding no
UseDNS no