SSH is a secure shell communication protocol that allows users particularly system administrators to access a computer over an unsecured network. An SSH key is an access credential to access the SSH protocol. It resembles a password to grant access and to what one can access.
SSH creates a secure channel between local and remote computes, Manages server hardware, routers, virtualization platforms, and operating systems. SSH also implements a single sign-on (SSO) that allows users to move between accounts without typing a password each time they change an account.
SSH key-based authentication is also known as Public key authentication which is the most common in interactive and automated connections. It is essentially where data is encrypted with two keys, the private and the public key. It uses asymmetric cryptographic algorithms where a public key can only decrypt data encrypted with a private key.
Once a server receives a public key, it checks if it is authorized and stores it in its authorized keys file. The private key is kept with the computer (not sent to the server) which is used to access the remote system.
This guide will show you how to configure the SSH server and use SSH keys on Kubuntu|KDE Neon.
Installing SSH server on Kubuntu / KDE Neon
Update your system packages.
### Kubuntu ### sudo apt update && sudo apt upgrade -y ### KDE Neon ### sudo apt update && sudo pkcon update -y
Then install the SSH server using the following command.
sudo apt install openssh-server
Then start the service and enable it to start on boot time.
sudo systemctl start ssh sudo systemctl enable ssh
Then check the status using
$ systemctl status ssh ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-04-15 11:46:47 EAT; 3 days ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 605 (sshd) Tasks: 1 (limit: 4572) Memory: 1.7M CGroup: /system.slice/ssh.service └─605 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups Apr 15 11:46:47 kdeneon systemd: Starting OpenBSD Secure Shell server... Apr 15 11:46:47 kdeneon sshd: Server listening on 0.0.0.0 port 22. Apr 15 11:46:47 kdeneon sshd: Server listening on :: port 22. Apr 15 11:46:47 kdeneon systemd: Started OpenBSD Secure Shell server.
Configure ufw to allow ssh through the firewall.
sudo ufw allow ssh
Check the ufw status using the following command.
$ sudo ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6)
Install open ssh client
Install the SSH client on your local machine.
sudo apt install openssh-client
Try to test by login into the server. My server will be [email protected]
You will get something like below
The authenticity of host '192.168.200.36 (192.168.200.36)' can't be established. ECDSA key fingerprint is SHA256:9CeD8Qd/mHY4YQyx2UbKlJ0XRFKxOGpP2w5KIJcuBhU. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Then input the server where you will be logged into the terminal of the server machine.
To logout type
$ exit logout Connection to 192.168.200.36 closed.
Disable SSH root and Password-based login
To disable SSH root login, access the main SSH configuration file on the server machine.
sudo nano /etc/ssh/sshd_config
Then change the PermitRootLogin to no as follows.
To disable password login set the following options to No.
Save and exit the file. Then restart the SSH daemon.
sudo systemctl restart sshd
On your local machine. test login with root to the server, you will be denied access.
$ ssh [email protected] [email protected]: Permission denied (publickey).
To log in with the password
$ ssh email@example.com -o PubkeyAuthentication=no [email protected]: Permission denied (publickey).
Change SSH port
Normally, SSH connects on port 22. If you want to change the port, edit the configuration file under the port number and put the port you want. (This is optional)
If you changed the port number on the server configurations, match the port number using the following configurations on the client machine.
$ ssh -p port_number remote_host
Create SSH Keys
On your local machine, generate the SSH key using the following command. You can press enter to set the path as default.
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/ann/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ann/.ssh/id_rsa Your public key has been saved in /home/ann/.ssh/id_rsa.pub
Your keys are created at the /.ssh/ directory. Change to that directory and list down the contents.
$ cd .ssh $ ls id_rsa id_rsa.pub known_hosts
Using ssh-add and ssh-agent
ssh-add is a command used to add ssh private keys into SSH for implementing single sign-on. The agent that does the process is called ssh-agent.
To use it enter the following command. (the quotes are backquotes)
$ eval `ssh-agent` Agent pid 511203
Then enter the command on the client machine
$ ssh-add Identity added: /home/ann/.ssh/id_rsa (ann@kubuntu)
To remove private keys of the cached ssh-agent use the following command
$ ssh-add -D All identities removed.
Tunnel an X session over SSH
X forwarding is a method that lets you run interactive graphical interfaces on your local computer over a network protocol X.
To enable X session over SSH, ensure you have the xauth utility installed on your server.
$ which xauth /usr/bin/xauth
Most of the Linux systems have it installed. If you do not have it, you can install it using
sudo apt install xauth
Then enable x-forwarding on the server by editing the configuration file and setting the X11forwarding to yes
sudo nano /etc/ssh/sshd_config
Then set the options on the file as below.
X11Forwarding yes X11DisplayOffset 10
Save and exit the file.
On the local machine (client) you can use the direct command to enable x-forwarding
$ ssh -X [email protected]
Copy files over SSH using SCP
scp or secure copy is a command that allows you to copy files over a network by providing the remote computer’s IP address or DNS name.
To copy a file from a local machine to server us the following command
$ scp testfile.txt [email protected]:<path> testfile.txt 100% 48 93.8KB/s 00:00
The Path is where you want to save the file on the remote computer. If left blank, the file will be saved on the home directory of the remote machine.
To copy from remote to a local machine
$ scp [email protected]:/home/ann/testfile localfile.txt testfile.txt 100% 48 88.0KB/s 00:00
This will copy the file to the current working directory on the local machine and rename it to the localfile.txt.
From this guide, you have learned how to install an SSH server on KDE Neon|Kubuntu systems. We have also dealt will installing the SSH client on a local machine and configured it to connect to the server. We have learned how to copy files over SSH and enable X tunneling over SSH.