Setting Up Server


1) Installation

$ sudo apt update

$ sudo apt install openssh-server

This enables server and remote users can immediately login using the users already configured on server.

2) Check it’s running

sudo systemctl status ssh

3) Ubuntu comes with a firewall configuration tool called UFW. If the firewall is enabled on your system, make sure to open the SSH port:

sudo ufw allow ssh


To stop:

sudo systemctl stop ssh

To start:

sudo systemctl start ssh

To disable the SSH service to start during system boot run:

sudo systemctl disable ssh

To enable it again type:

sudo systemctl enable ssh

Logging In

ssh user@host

enter password

Using Key Pairs

Create Key Pair

ssh-keygen -t rsa


Add PUBLIC to Remote Host  (Server)

First, copy (‘install’) PUBLIC key on the remote host

localhost$ ssh-copy-id -i <user@host>


bobby$ ssh-copy-id -i bobby@
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ""
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bobby@'s password:

<entering password for user @ host>

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'user@host'"
and check to make sure that only the key(s) you wanted were added.

$ ssh user@host


Using PRIVATE to Connect

ssh -i id_rsa user@host


bobby$ ssh -i id_rsa bobby@
Enter passphrase for key 'id_rsa': 
Welcome to ...

NOTE: Now, it’s NOT the password for the USER (at the host) but the password for the RSA key.


Add PRIVATE Key to Local Agent

To avoid having to enter password.

bobby$ ssh-add -l
The agent has no identities.

bobby$ ssh-add id_rsa 
Enter passphrase for id_rsa: 
Identity added: id_rsa (id_rsa)

bobby$ ssh-add -l
2048 SHA256:6baeckDpXBUdnkmbMWqEu5dSVtLMN36/RRYxaxe2a+d id_rsa (RSA)

Welcome to Ubuntu ...

(Now no requesting of password.)


Verify Pair Belongs To Each Other…..

bobby$ diff <(ssh-keygen -y -e -f <(ssh-keygen -y -e -f ../bobby-id_rsa )

(empty output, no differences indicated by diff command means pair belongs to each other)


NOTE- the below actually ONLY uses the .pub file (…. or….?)

Using -l option:
“-l Show fingerprint of specified public key file. For RSA and DSA keys ssh-keygen tries to find the matching public key file and
prints its fingerprint. If combined with -v, a visual ASCII art representation of the key is supplied with the fingerprint.”

bobby$ ssh-keygen -l  -f id_rsa 

2048 SHA256:1bzgykDpXBUdnkmbMWqEu5dSVtLMN36/RReZhcD1z+s bobby@Bobbis-MacBook-Pro.local (RSA)

bobby$ ssh-keygen -l  -f 

2048 SHA256:1bzgykDpXBUdnkmbMWqEu5dSVtLMN36/RReZhcD1z+s bobby@Bobbis-MacBook-Pro.local (RSA)