Secure Remote Access to Ubuntu Server

Today we’re going to talk about something that can make your life as an Ubuntu server admin a whole lot easier: secure remote access. No more fumbling around with VPNs or trying to remember complicated IP addresses: just fire up your favorite terminal emulator and voila, you’re in!

But before we dive into the details of setting this up, let’s look at why it’s so important. First off, having secure remote access means that you can manage your server from anywhere with an internet connection, with no more being tied to a specific location or device. This is especially useful if you have multiple servers spread out across different locations (or even just in different rooms of your house).

Secondly, and perhaps most importantly, it’s much safer than using plain old SSH without any encryption. By default, Ubuntu comes with OpenSSH installed, which uses a protocol called SFTP to transfer data securely over the network. This means that all of your sensitive information (like passwords or private keys) is encrypted and can’t be intercepted by anyone who might be snooping around on the same network as you.

So how do we set this up? Well, first things first: make sure that OpenSSH is installed on both your local machine and your Ubuntu server. If it isn’t already, just run these commands:


# Update the list of available packages (run on each machine that needs OpenSSH)
sudo apt-get update

# Install the OpenSSH server package
sudo apt-get install openssh-server

# Run on both machines, the above commands ensure that OpenSSH is installed on the local machine and the Ubuntu server, allowing for secure communication between the two.

Once you’ve done that, we need to generate a new SSH key on your local machine (if you haven’t already). This is what will allow us to log in without having to enter a password every time. To do this, run:

# Generate a new RSA key pair on the local machine
ssh-keygen -t rsa

This will prompt you for some basic information like where to save the key and whether or not to use a passphrase (which is optional). Once that’s done, copy the contents of your public key (usually located in ~/.ssh/id_rsa.pub) and add it to your Ubuntu server using:


# Copy the local public key into the authorized_keys file on the remote server, allowing passwordless SSH access.

# The local "cat" reads ~/.ssh/id_rsa.pub and pipes it to "ssh", which connects to the remote server as the specified user and runs the quoted commands there.

# On the server, "mkdir -p" creates ".ssh" in the user's home directory if it doesn't already exist.
# The remote "cat" then reads the key from standard input (the pipe) and appends it to ".ssh/authorized_keys".

cat ~/.ssh/id_rsa.pub | ssh user@your-server "mkdir -p .ssh && cat >> .ssh/authorized_keys"
# The ">>" symbol appends the output of the "cat" command to the end of the "authorized_keys" file, instead of overwriting it.


Replace ‘user’ with the username you want to use for remote access, and ‘your-server’ with the IP address or hostname of your Ubuntu server. And that’s it! Now when you try to connect using SSH (either from a terminal window or an SSH client like PuTTY), you should be able to log in without having to enter a password.

Of course, there are some caveats and best practices we should mention here as well. For one thing, it’s always a good idea to use a passphrase with your private key: this adds an extra layer of security by requiring you to enter a second piece of information before being able to log in. It might be annoying at first, but trust us, it’s worth it!

Another important thing to remember is that SSH keys can expire after a certain amount of time (usually 7 days). If this happens, you’ll need to regenerate your key and add the new public key to your server. This isn’t too difficult; just run:


# This script generates a new SSH key and adds it to the authorized keys on a server.
# This is necessary to establish a secure connection between your local machine and the server.

# Generate a new RSA key pair with ssh-keygen (-t rsa so the public key is written to ~/.ssh/id_rsa.pub, the file copied below).
ssh-keygen -t rsa

# Copy the public key from the generated key pair and add it to the authorized keys on the server.
# The cat command is used to read the contents of a file, in this case, the public key.
# The | (pipe) symbol is used to redirect the output of the cat command to the ssh command.
# The ssh command is used to connect to the server and execute a command remotely.
# The mkdir command creates a new directory on the server, in this case, the .ssh directory.
# The -p flag ensures that the command does not throw an error if the directory already exists.
# The cat command is used again to append the public key to the authorized_keys file in the .ssh directory.
cat ~/.ssh/id_rsa.pub | ssh user@your-server "mkdir -p .ssh && cat >> .ssh/authorized_keys"
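The one-liner above is run twice on this page, and each run appends the key again without setting any permissions. The following is an added example, not part of the original article: a server-side function that does the same append idempotently and with explicit modes. The name install_pubkey, its arguments and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe form of the server-side step
#   mkdir -p .ssh && cat >> .ssh/authorized_keys
# install_pubkey and its arguments are hypothetical names.
#
# install_pubkey PUBKEY_FILE SSH_DIR
# returns 0 = key added, 1 = already present, 2 = input rejected
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # An OpenSSH public key file holds exactly one line.
    [ -r "$pub" ] || return 2
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 2
    line=$(cat "$pub")

    # The first field must be a public key type; this also rejects a
    # private key file ("-----BEGIN ...") passed by mistake.
    case $line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) return 2 ;;
    esac

    # sshd's StrictModes ignores keys when these are group/world writable,
    # so set the modes explicitly instead of relying on the umask.
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2

    # Compare whole lines as fixed strings so a re-run adds nothing.
    if grep -qxF -- "$line" "$auth"; then
        return 1
    fi
    printf '%s\n' "$line" >> "$auth"
    return 0
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENPTlNUUlVDVEVEU0FNUExFS0VZ constructed@example' > "$demo_dir/id.pub"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"; echo "first run:  $?"
install_pubkey "$demo_dir/id.pub" "$demo_dir/.ssh"; echo "second run: $?"
rm -rf "$demo_dir"
```

On a real server the second argument would be "$HOME/.ssh". OpenSSH also ships ssh-copy-id, which performs the copy over SSH from the local machine.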

And that’s it! With these simple steps, you should be able to set up secure remote access on your Ubuntu server in no time.
