SSH (Secure Shell) is a communication protocol that allows users, particularly system administrators, to access a computer securely over an unsecured network. An SSH key is an access credential used in the SSH protocol. Like a password, it grants access and determines what one can access.
SSH creates a secure channel between local and remote computers and is used to manage server hardware, routers, virtualization platforms, and operating systems. SSH also implements single sign-on (SSO), which allows users to move between accounts without typing a password each time they change accounts.
SSH key-based authentication, also known as public key authentication, is the most common method for interactive and automated connections. It uses two keys, a private key and a public key, and relies on asymmetric cryptographic algorithms, where data encrypted with the private key can only be decrypted with the matching public key.
Once a server receives a public key, it checks if it is authorized and stores it in its authorized keys file. The private key stays on the client computer (it is not sent to the server) and is used to access the remote system.
This guide will show you how to configure the SSH server and use SSH keys on Kubuntu / KDE Neon.
Installing SSH server on Kubuntu / KDE Neon
Update your system packages.
### Kubuntu ###
sudo apt update && sudo apt upgrade -y
### KDE Neon ###
sudo apt update && sudo pkcon update -y
Then install the SSH server using the following command.
sudo apt install openssh-server
Then start the service and enable it to start at boot.
sudo systemctl start ssh
sudo systemctl enable ssh
Then check the status using
$ systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-04-15 11:46:47 EAT; 3 days ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 605 (sshd)
Tasks: 1 (limit: 4572)
Memory: 1.7M
CGroup: /system.slice/ssh.service
└─605 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Apr 15 11:46:47 kdeneon systemd[1]: Starting OpenBSD Secure Shell server...
Apr 15 11:46:47 kdeneon sshd[605]: Server listening on 0.0.0.0 port 22.
Apr 15 11:46:47 kdeneon sshd[605]: Server listening on :: port 22.
Apr 15 11:46:47 kdeneon systemd[1]: Started OpenBSD Secure Shell server.
Configure ufw to allow ssh through the firewall.
sudo ufw allow ssh
Check the ufw status using the following command.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Install OpenSSH client
Install the SSH client on your local machine.
sudo apt install openssh-client
Test the setup by logging in to the server. My server will be ann@192.168.200.36
ssh ann@192.168.200.36
You will get something like below:
The authenticity of host '192.168.200.36 (192.168.200.36)' can't be established.
ECDSA key fingerprint is SHA256:9CeD8Qd/mHY4YQyx2UbKlJ0XRFKxOGpP2w5KIJcuBhU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Then enter the server password, and you will be logged in to the terminal of the server machine.
To log out, type:
$ exit
logout
Connection to 192.168.200.36 closed.
Disable SSH root and Password-based login
To disable SSH root login, access the main SSH configuration file on the server machine.
sudo nano /etc/ssh/sshd_config
Then change the PermitRootLogin to no as follows.
PermitRootLogin no
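To disable password login, set the following option to no. Key-based login must already work for your account before you do this, otherwise you will be locked out of remote access.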
PasswordAuthentication no
Save and exit the file. Then restart the SSH daemon.
sudo systemctl restart sshd
On your local machine, test logging in to the server as root; you will be denied access.
$ ssh root@192.168.200.36
root@192.168.200.36: Permission denied (publickey).
Try to log in with the password; this is denied as well.
$ ssh ann@192.168.200.36 -o PubkeyAuthentication=no
ann@192.168.200.36: Permission denied (publickey).
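An added example (not from the original guide) that checks which PermitRootLogin and PasswordAuthentication values actually take effect: sshd uses the first value it reads for a keyword, so a PasswordAuthentication yes in a file read earlier silently overrides the edit above. The sample files are constructed, effective_value and audit_sshd are hypothetical helper names, and whether your sshd_config pulls in drop-in files with an Include line is an assumption to check on your server.

```shell
#!/bin/sh
# Added example: audit sshd_config-style files for the two settings above.
# sshd keeps the FIRST value it obtains for a keyword and keywords are
# case-insensitive. Lines after a "Match" line are conditional, so this
# simplified scan stops at the first Match.

# effective_value KEYWORD FILE... -> first global value, files in read order
effective_value() {
    want=$1; shift
    awk -v want="$want" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        tolower($1) == "match" { exit }    # conditional section starts here
        tolower($1) == want && NF >= 2 { print $2; exit }
    ' "$@"
}

# audit_sshd FILE... -> returns 0 only if both settings are effectively "no"
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$kw" "$@")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw ${val:-unset (sshd default applies)}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (hypothetical names), not taken from a real server.
demo=$(mktemp -d)
printf '%s\n' '# constructed drop-in' 'PasswordAuthentication yes' \
    > "$demo/50-sample.conf"
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' \
    'passwordauthentication no' 'Match User backup' \
    '    PasswordAuthentication yes' > "$demo/sshd_config"

echo "main file only:"
audit_sshd "$demo/sshd_config" || true
echo "drop-in read before the main file:"
audit_sshd "$demo/50-sample.conf" "$demo/sshd_config" || true
```

On the server itself, sudo sshd -t validates the configuration before you restart the daemon, and sudo sshd -T prints the effective settings as sshd resolves them.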
Change SSH port
Normally, SSH connects on port 22. If you want to change the port, edit the Port option in the configuration file and put the port you want. (This is optional.) If you do, also allow the new port through ufw, since the rule added earlier only covers port 22.
Port [number-you-want]
If you changed the port number in the server configuration, pass the same port number on the client machine with the -p option.
$ ssh -p port_number remote_host
Create SSH Keys
On your local machine, generate the SSH key using the following command. You can press Enter to accept the default path.
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ann/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ann/.ssh/id_rsa
Your public key has been saved in /home/ann/.ssh/id_rsa.pub
Your keys are created in the ~/.ssh/ directory. Change to that directory and list its contents.
$ cd .ssh
$ ls
id_rsa id_rsa.pub known_hosts
Using ssh-add and ssh-agent
ssh-add is a command that adds SSH private keys to the SSH authentication agent to implement single sign-on. The agent that holds the keys is called ssh-agent.
To use it, enter the following command (the quotes are backquotes).
$ eval `ssh-agent`
Agent pid 511203
Then enter the command on the client machine
$ ssh-add
Identity added: /home/ann/.ssh/id_rsa (ann@kubuntu)
To remove all cached private keys from ssh-agent, use the following command.
$ ssh-add -D
All identities removed.
Tunnel an X session over SSH
X forwarding lets you run graphical applications on the remote server and display their interface on your local computer over the X network protocol.
To enable an X session over SSH, ensure you have the xauth utility installed on your server.
$ which xauth
/usr/bin/xauth
Most of the Linux systems have it installed. If you do not have it, you can install it using
sudo apt install xauth
Then enable X forwarding on the server by editing the configuration file and setting X11Forwarding to yes.
sudo nano /etc/ssh/sshd_config
Then set the options in the file as below.
X11Forwarding yes
X11DisplayOffset 10
Save and exit the file.
On the local machine (client), you can enable X forwarding directly on the command line:
$ ssh -X ann@192.168.200.36
Copy files over SSH using SCP
scp or secure copy is a command that allows you to copy files over a network by providing the remote computer’s IP address or DNS name.
To copy a file from a local machine to the server, use the following command:
$ scp testfile.txt ann@192.168.200.36:<path>
testfile.txt 100% 48 93.8KB/s 00:00
The path is where you want to save the file on the remote computer. If left blank, the file will be saved in the home directory on the remote machine.
To copy from the remote machine to a local machine:
$ scp ann@192.168.200.36:/home/ann/testfile localfile.txt
testfile.txt 100% 48 88.0KB/s 00:00
This will copy the file to the current working directory on the local machine and rename it to localfile.txt.
Conclusion
From this guide, you have learned how to install an SSH server on KDE Neon / Kubuntu systems. We have also dealt with installing the SSH client on a local machine and configured it to connect to the server. We have learned how to copy files over SSH and enable X tunneling over SSH.