How to Connect two Linux machines using SSH keys

If you need to log in to multiple Linux machines, typing a password for each one is tedious and time-consuming. SSH key-based authentication is a safer and more convenient way to connect to multiple Linux machines.

SSH is a secure shell protocol that allows you to connect multiple Linux machines securely and remotely.

This tutorial will teach you how to connect two Linux machines using SSH keys. Let’s get started.

Table of Contents

  1. Prerequisites
  2. What is SSH?
  3. What are ssh keys?
  4. SSH Key generation using ssh keygen
  5. How to Connect one instance to another remote AWS EC2 instance
  6. Listing Linux SSH commands
  7. Conclusion

Prerequisites

  • An Ubuntu 18.0.4 machine, preferably; if you don’t have one, you can create an EC2 instance in an AWS account
  • It is recommended to have 4GB RAM
  • At least 5GB of drive space

You may incur a small charge for creating an EC2 instance on Amazon Managed Web Service.

What is SSH?

SSH is a secure shell protocol used to connect to Linux machines securely and remotely. When you connect to a remote machine, you log in using an account that already exists and connect to a shell session, which is a text-based interface.

To connect from one machine to another over SSH, the source machine must have an SSH client installed, and the SSH daemon must be running on the remote machine.

There are two ways in which you connect to a remote machine from a source machine:

  1. By using a username and password, which is the less safe method.
  2. By using the SSH key authentication method, which is secure.

What are ssh keys?

SSH keys are sets of matching cryptographic keys used for authentication; one of them is the Private key, which is never shared with anyone and kept for your login purpose, and the other is the Public Key, which can be shared.

SSH Key generation using ssh keygen

Now that you have a basic idea about SSH and SSH keys, let’s learn how to create SSH keys using the ssh-keygen command. Generating a new SSH key pair is straightforward; ssh-keygen uses cryptographic algorithms such as RSA (most widely used), DSA, and ECDSA.

  • To generate the SSH keys, run the ssh-keygen command as shown below. After you execute the command, two keys are generated: one is the private key and the other is the public key.
ssh-keygen
Running ssh-keygen command to generate private and public keys on ubuntu machine.
  • Next, the command prompts you for where to save the keys; for now, accept all the default values and continue.
Saving the ssh keys in the ubuntu machine
  • Both keys are generated under ~/.ssh with the following names: id_rsa, which is the private key, and id_rsa.pub, which is the public key.
Viewing the Public keys and Private keys
  • Next, copy the Public Key to another remote machine by using ssh-copy-id command.
  ssh-copy-id ubuntu@remotemachine

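If you get Permission denied (publickey) while running ssh-copy-id ubuntu@remotemachine, then on the remote node edit the /etc/ssh/sshd_config file, update PasswordAuthentication from no to yes, and restart the service using the sudo systemctl restart sshd command. This opens the machine to password logins, so once the key has been copied you can set PasswordAuthentication back to no, as described in the commands section later in this tutorial.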

Copying the Public Key to the remote node using ssh-copy-id command
  • After the ssh-copy-id command has executed successfully, the public key is appended to the ~/.ssh/authorized_keys file on the remote machine.
Verifying the public keys in the remote machine

Note: If you wish to copy the public key without the ssh-copy-id command, use the cat ~/.ssh/id_rsa.pub | ssh ubuntu@remotemachine "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" command directly.

  • Finally, try logging into remote machine without password using the below command.
ssh ubuntu@remotemachine

As you can see below, you can connect to the remote machine using SSH Keys.

Log in to remote node using ssh command.

How to Connect one instance to another remote AWS EC2 instance

In the previous section, you learned how to generate keys on a Linux machine and connect two Linux machines. As cloud platforms such as AWS evolve, people increasingly use Linux machines hosted on AWS or Azure.

In this section, learn how to connect one instance to another remote AWS EC2 instance. To do that, follow the below steps:

Make sure both AWS EC2 instances have the same key pair attached.

  • Firstly, create a new Key pair named newly from EC2 dashboard as shown below.
Creating a new AWS EC2 key pair
  • Now, download the newly key in pem format that you just created.
  • Next, launch two public AWS EC2 instances from the AWS console, named source instance and remote instance, with the same key pair (“newly”)
    • IP address of source machine: 10.111.4.53
    • IP address of destination machine: 10.111.4.18
  • Now, convert newly.pem into newly.ppk using puttygen tool which you will use to log in to source and remote machine.
  • Log in to source machine using your favorite SSH client by providing Public IP address and newly.ppk key.
  • Further, inside the source machine’s home directory create a file named awskeypair as shown below.
Creating a file named awskeypair
  • Paste the content of newly.pem key from your local machine to awskeypair file in the home directory of source machine as shown below.
Copying the Private key content into aws key pair
  • Now set the permissions of awskeypair file in home directory to 600 on the source machine with below command.
chmod 600 awskeypair

Now that you have set up your source AWS EC2 instance properly let’s connect to the remote AWS EC2 instance using the below ssh command.

ssh -i awskeypair ubuntu@10.111.4.18 

As you can see below source AWS EC2 instance can connect to the remote machine using SSH Keys.

Connecting source AWS EC2 instance with remote AWS EC2 instance
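
The permission step above matters because ssh skips a private key file that group or others can read, and sshd ignores an authorized_keys file in a directory that others can write to. The following script is an added example, not part of the original tutorial; it checks those modes in a constructed throwaway directory, and the names audit_keys, mode_of and HOME_DEMO and the placeholder file contents are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: check the file modes that decide whether a key is used.
# - the ssh client refuses a private key that group or others can access
# - sshd (StrictModes, on by default) skips authorized_keys when that file
#   or ~/.ssh is writable by group or others

mode_of() { stat -c '%a' "$1"; }   # octal permission bits, e.g. 600 (GNU stat)

# audit_keys HOME_DIR: print one line per problem; return 0 only when clean.
audit_keys() {
  local home=$1 bad=0 f mode
  for f in "$home"/* "$home"/.ssh/*; do
    [ -f "$f" ] || continue
    # Recognise private keys by their header, so awskeypair is caught too.
    head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
    mode=$(mode_of "$f")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "private key $f has mode $mode: ssh will not use it (chmod 600)"
      bad=1
    fi
  done
  for f in "$home/.ssh" "$home/.ssh/authorized_keys"; do
    [ -e "$f" ] || continue
    mode=$(mode_of "$f")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
      echo "$f has mode $mode: StrictModes will reject authorized_keys"
      bad=1
    fi
  done
  return "$bad"
}

# Constructed demo in a throwaway directory; file contents are placeholders.
HOME_DEMO=$(mktemp -d)
mkdir "$HOME_DEMO/.ssh" && chmod 775 "$HOME_DEMO/.ssh"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'placeholder, not a key' \
  > "$HOME_DEMO/awskeypair"
chmod 644 "$HOME_DEMO/awskeypair"
printf 'ssh-rsa PLACEHOLDER ubuntu@source\n' > "$HOME_DEMO/.ssh/authorized_keys"
chmod 644 "$HOME_DEMO/.ssh/authorized_keys"

audit_keys "$HOME_DEMO" || echo "-> fix the modes listed above"
chmod 600 "$HOME_DEMO/awskeypair"   # mode first, then the file name
chmod 700 "$HOME_DEMO/.ssh"
audit_keys "$HOME_DEMO" && echo "-> clean"
```
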

Listing Linux SSH commands

In this section, let’s quickly revise and learn important Linux SSH commands that one should know.

  • To connect to remote linux machine.
ssh remote_machine
  • To connect to remote server with different user
ssh user@remote_machine
  • To run a command on remote server.
ssh user@remote_machine command_to_run
  • To connect to a remote machine on a non-standard port (a port other than 22)
ssh -p port_number user@remote_machine
  • How to disable Password Authentication on linux machine.

Firstly, modify the /etc/ssh/sshd_config file, update PasswordAuthentication to no, and run the below command.

service ssh restart
  • How to change the SSH Port on the linux machine.

Firstly, edit the sshd_config file using the below command, comment out the Port 22 line and add the desired port number.

vi /etc/ssh/sshd_config

Now, execute the below command.

service ssh restart 
  • How to limit number of users or groups to login to linux machine.

Firstly, edit the sshd_config file using the below command and look for AllowUsers. List the usernames that may log in on the AllowUsers line. Similarly, look for AllowGroups and list the permitted group names on the AllowGroups line.

vi /etc/ssh/sshd_config

Now, execute the below command.

service ssh restart 
  • How to disable Root login on Linux machine.

Firstly, edit the sshd_config file using the below command, update PermitRootLogin to no, and restart the ssh service.

vi /etc/ssh/sshd_config
service ssh restart
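
One way to confirm the settings from this section after editing, as an added example that is not part of the original tutorial: the script reads a config file and reports the value sshd would use for PasswordAuthentication, PermitRootLogin and AllowUsers. The function names and both sample files are constructed for the illustration; Include files and Match blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: audit the sshd_config keywords this page edits.
# For single-valued keywords sshd keeps the FIRST value it reads (keyword
# names are case-insensitive), so a duplicate line further down the file
# does not override an earlier one.

# Print the first global (pre-"Match") value of keyword $2 in file $1.
effective_value() {
  awk -v key="$2" '
    /^[ \t]*(#|$)/          { next }   # comments and blank lines
    tolower($1) == "match"  { exit }   # conditional blocks are not evaluated
    tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  ' "$1"
}

# One line per keyword; WEAK marks a value that differs from this page's setting.
audit_sshd_config() {
  local file=$1 pw root users
  pw=$(effective_value "$file" PasswordAuthentication)
  root=$(effective_value "$file" PermitRootLogin)
  users=$(effective_value "$file" AllowUsers)
  # When the keyword is absent, OpenSSH allows password authentication.
  if [ "${pw:-yes}" = "no" ]; then echo "OK   PasswordAuthentication no"
  else echo "WEAK PasswordAuthentication ${pw:-yes}"; fi
  if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
  else echo "WEAK PermitRootLogin ${root:-<not set>}"; fi
  if [ -n "$users" ]; then echo "OK   AllowUsers $users"
  else echo "NOTE AllowUsers <not set>: logins are not limited by user name"; fi
}

# Constructed sample files (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
#Port 22
PasswordAuthentication yes
# added at the end while hardening; sshd ignores it because of the line above:
PasswordAuthentication no
PermitRootLogin yes
EOF
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
Port 2222
passwordauthentication no
PermitRootLogin no
AllowUsers ubuntu deploy
EOF

for f in weak hardened; do
  echo "== $f.conf"; audit_sshd_config "$SAMPLE_DIR/$f.conf"
done
```

On a real host, sshd -t checks the file for syntax errors before you restart the service, and sshd -T prints the effective configuration.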

Conclusion

In this tutorial, you learned how to generate and use SSH keys to securely log in to remote machines. With SSH keys, you can secure your connections and don’t require entering a password every time you log in to your remote machines.

Now, you know how to generate SSH keys and use them to log in to machines securely; which Linux instance are you planning to access securely?