1

Yes I know this a Ubuntu forum.. First off all thanks for doing what you do and helping people!

Alright so I've been trying to setup SSH keys on my Ubuntu 20.04, read stuff about it online. So I generated keys on ubuntu with ssh-keygen -t rsa. Now I want only my Windows PC to connect to it (without enabling password obviously) through Windows Powershell.

So I copied my Public key file to my Windows pc and put it in C:\Users\Username\.ssh\ but somehow when connecting I receive the Error Permission denied (publickey) error.

So supposedly some "smart" people online all suggest adding this setting PasswordAuthentication yes to /etc/ssh/sshd_config but doesn't this defeat the purpose of using SSH Keys exclusively to connect to your server?

So if I would guess this has to be a directory permission issue, but I don't know what directories need what permissions on Ubuntu and Windows.

Been fiddling around with this for quite a while now, but trial and error takes so much time and I'm short on that, so if anyone could provide me with their hard earned experience that would be great.

Thanks in advance brothers! Keep the community rocking.

Grtz

Mex

Mextro
  • 51
  • 1
  • 1
  • 5
  • You're going about it the opposite way from what I understand. To connect *from* Windows *to* Ubuntu, you should generate a key pair on Windows, copy the public key to Ubuntu and add it your authorized_keys, and then use the private key on Windows to authenticate. You seem to be mixing up these. – muru Feb 25 '21 at 11:14

1 Answers1

3

Alright so as @muru said, do it likes this:

  1. Exec ssh-keygen -t rsa on your remote (device connecting to server) and use passphrase
  2. Find id_rsa.pub file in C:\Users\Username\.ssh\
  3. Upload it with ftp to your server (or upload to webserver and use wget)
  4. Save it in ~/.ssh
  5. Make sure the file is called authorized_keys or it wont work sudo cp id_rsa.pub authorized_keys
  6. Remove the downloaded unused file sudo rm id_rsa.pub
  7. Disable password login sudo nano /etc/ssh/sshd_config
  8. Find or add the line PasswordAuthentication no
  9. Restart ssh service sudo service sshd restart
  10. Connect with Powershell ssh user@ip.address
  11. Optional parameters for the ssh command in powershell are a custom port -p [port] and for debug info use -vvv
  12. Some other optional settings for security I added to /etc/ssh/sshd_config are:

Port [port]

Protocol 2

LogLevel VERBOSE

PermitRootLogin no

StrictModes yes

RSAAuthentication yes

IgnoreRhosts yes

RhostsAuthentication no

RhostsRSAAuthentication no

PermitEmptyPasswords no

PasswordAuthentication no

ClientAliveInterval 300

ClientAliveCountMax 0

AllowTcpForwarding no

X11Forwarding no

UseDNS no

Mextro
  • 51
  • 1
  • 1
  • 5