SSH (Secure Shell) is used for remotely accessing your server. It comes preinstalled on many Linux distributions; where it is not installed, you can get it by installing OpenSSH.
The remote system must have a version of SSH installed. The information in this post assumes the remote system uses OpenSSH; see how to install OpenSSH (client and server) below.
SSH authentication can be via password or using private and public key pairs.
While you can create a user with a password to log in to any Linux system, sometimes accessing the system that way is not possible, either because it is not enabled on your system (in a corporate environment) or for some other reason, and the only way in is to SSH into the system.
SSH keys come in pairs: the private key and the public key. The private key is always kept on the local machine that needs to connect to the remote system, while the public key can be shared with sysadmins to add to your corporate server or used in some form of authentication to give you access.
On the remote machine, the public key is stored in a file called authorized_keys. This is where the SSH service checks whether the key on your machine matches the public key on the server before letting you in.
You can generate ssh keys with the command:
ssh-keygen
Keys are stored in the .ssh folder inside a user's home directory (/home/$USER/.ssh).
Install OpenSSH (Client & Server)
If you don't have SSH installed, follow the steps below to install it. If you already have it, skip the next few steps and continue on to connect.
- Start your Linux machine normally.
- Open the terminal, type the command below, and enter your password when prompted for it.
sudo apt update -y
- You can search for the package before installing it with the command:
sudo apt search openssh-client -y
The image below shows the one we want to make use of.
- Next we install it using the command:
sudo apt install openssh-client -y
- In the same way, we install openssh-server using the command:
sudo apt install openssh-server -y
- When your installations are complete, confirm that the SSH service is running with the command:
systemctl status ssh
Generate SSH Keys
For this tutorial I will be working with two virtual machines on my local computer; both run Ubuntu. The remote machine is shown on the terminal as anulika@Goz, and the local SSH host, which acts as my local computer, is my Vagrant VM, which shows up on the terminal as anulika@ubuntu-focal.
- The first thing I want to do is check for any existing keys my local user might have. This step is not required but it is recommended. Type in the command below:
ls ~/.ssh/id_*
If you do not see any output or if you see an output like that below then you do not have any keys present.
If you see output listing keys, then you have existing keys. You should back them up so that you don't lose them in case you accidentally delete them.
- To create an SSH key, make sure you are on your local computer (the SSH host) and run the command below:
ssh-keygen
It will tell you that it is generating a public/private RSA key pair. By default it will use the RSA standard for all systems; if you want to use a different algorithm, you can specify it with the -t flag. It is also good practice to add a comment, which you do with the -C flag as seen below:
ssh-keygen -t rsa -C "<your comment>"
- You will be asked where you want to save the key. By default it will use the id_rsa file; I will leave the default, so I press Enter.
- When asked for a passphrase I just press Enter because I don't want a passphrase. We're trying to avoid using passwords, and adding a passphrase would take me back to having to enter a password every time I want to connect.
Note that adding a passphrase is an additional security measure: if anybody somehow gets hold of your computer with the private key, they won't be granted access without knowing the passphrase.
- It will then go ahead and generate your keys.
Retrieve your Public Key
- When you now run the ls -la command in the home directory of the user for which you just created an SSH key, you should see the .ssh directory.
cd /home/<your user>
ls -la
- Move into the .ssh directory and list its contents, and you will see both the id_rsa and the id_rsa.pub files. The former holds your private key while the latter holds your public key. This is where we will retrieve the public key from.
cd .ssh
ls -la
- Output the contents of the id_rsa.pub file and copy it.
cat id_rsa.pub
This is the key you will add to your remote machine in a file called authorized_keys.
Add the Public Key to the Remote Machine
The public key of an SSH key pair needs to be added to the remote machine that you want to access over SSH. The remote machine will use the public key to decrypt the connection that the SSH host machine, your local computer, used its private key to encrypt.
Transferring your public key to the remote system is a must. As a result, you need to either have an administrator on the remote system add the public key to the ~/.ssh/authorized_keys file in your account or be able to log into the remote system using your established username and password/passphrase.
Note
If you already have a ~/.ssh/authorized_keys file, probably because you have previously accessed that machine remotely using SSH key authentication, all you need to do in this section is edit the ~/.ssh/authorized_keys file and add your new public key. In the authorized_keys file, add the new key on a new line and then save the file.
- Head over to your remote machine, open your terminal and navigate to the home directory of your user of choice.
cd ~
- List its contents to check if you have a .ssh directory. If you have one, list its contents to see if it contains an authorized_keys file.
ls -la ~
cd .ssh   # if the .ssh directory exists
ls -la
If the ~/.ssh/authorized_keys file exists, skip the next step and continue on to edit the file and place your public key in it.
- If your account on the remote system doesn't already contain a ~/.ssh/authorized_keys file, create one. On the command line, enter the following commands:
cd ~
mkdir .ssh
cd .ssh
touch authorized_keys
With those 4 commands above we simply navigated to the user's home directory, created the .ssh directory, entered the directory and created an authorized_keys file.
- Next we use a file editor to add our public key to the authorized_keys file.
vi authorized_keys
Paste your public key in the file, save and close it.
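The steps above create ~/.ssh and authorized_keys with whatever permissions the current umask gives, and sshd's StrictModes setting (on by default) ignores the file if it or the directory is writable by group or others. As an added example, not part of the original post, the shell function below performs the same steps with safe modes, rejects input that is not a single public key line, and skips a key that is already present; install_pubkey and SAMPLE_KEY are hypothetical names, and the sample key is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a
# hypothetical helper name; SAMPLE_KEY is a constructed, non-working key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCconstructedExampleOnly anulika@ubuntu-focal'

# install_pubkey <ssh-dir> <public-key-line>
# Prints "added" or "present"; returns 2 if the line is not a public key.
install_pubkey() {
    ssh_dir=$1
    key_line=$2
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # Accept exactly one "<type> <base64> [comment]" line. This also rejects
    # a private key pasted by mistake ("-----BEGIN OPENSSH PRIVATE KEY-----").
    case $key_line in
        *"$nl"*) echo "expected a single line" >&2; return 2 ;;
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac

    # Create the directory and file with a restrictive umask, then fix the
    # modes of anything that already existed. sshd (StrictModes, on by
    # default) ignores authorized_keys if it or ~/.ssh is group/world writable.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth_file" || return 1

    # Compare on the base64 blob only, so the same key with a different
    # comment or an options prefix is not added twice.
    blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit !f}' "$auth_file"; then
        echo present
        return 0
    fi

    # Start a new line if the file does not end with one, then append.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo added
}

# Usage on the remote machine: install_pubkey "$HOME/.ssh" "$(cat id_rsa.pub)"
```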
Retrieve IP Address of Your Remote machine
- You need to know the IP address of the remote machine. Run the command below to obtain its IP address.
Before you start protesting about needing to have the IP address of the remote machine (I mean, if you had access to the remote machine, why would you need to connect to it remotely, right? Wrong!!)
If you know anything about hacking, the first thing you need to do when you begin hacking any machine or server is to find the IP address of that server.
ip --brief addr show
Copy the IP address of the interface you want to use, and leave your machine turned on.
If, like me, you are working with two VMs on the same host machine, ensure that the IP address you choose is different from that of the VM you are using as your SSH host.
If you use a NAT adapter and you notice that the two VMs have the same IP address, power them off, add another adapter attached to Host-only Adapter, apply the changes and restart your VM. Do this for both VMs; this way they will get different IP addresses.
Use this unique IP address for the next step.
Access the Remote Machine Using the SSH Key Pair
Now we have everything set up and if you followed the steps correctly, you should too.
- Return to your local computer, the SSH host, which has the private key and type the below command in the terminal.
ssh <user>@<ip address>
The local SSH host, which is acting as my local computer, is my Vagrant VM, which shows up on the terminal as anulika@ubuntu-focal, and the remote machine shows on the terminal as anulika@Goz.
If you look at what the arrows in the screenshot above point to, you will notice the change when the SSH remote access was successful.
You have now successfully implemented remote access to a server using SSH key pairs. Go on ahead and brag about your abilities, champ.