Ubuntu Server Headless and Passwordless Login with an SSH Key
To use your Ubuntu Server in a headless configuration (no monitor, mouse, or keyboard) you need the ability to remotely login to it. If you had another Ubuntu laptop or desktop you could simply SSH from the command prompt into it. However, if you are on a Windows machine you can’t directly SSH into Ubuntu from the command prompt. But this problem is easily solved with PuTTY. PuTTY is a SSH client for Windows.
When using Putty with a headless Ubuntu Server you can remote in and type your username and password every time you login, or you can use an SSH key and never need to type login information again.
This tutorial covers the download and install of PuTTY and also the procedure to create and use an SSH key so you don’t have to type your credentials at every login.
To create a public and private key on Windows the first thing to do is download PuTTY. The easiest option is to scroll down and download the Windows installer.
After Putty is installed open up PuTTYgen, it should look something like this.
To start you will need to click Generate. Then move your mouse like a crazy person over the blank area below the progress bar (this is by far my favorite implementation of a random number generator).
After the key has been generated you will need to save the private key, by clicking Save private key and then confirming that you don’t want a password. OpenSSH keys are named id_rsa (for private keys) and id_rsa.pub (for public keys), but since we are using PuTTY we will name our private key id_rsa.ppk.
The public key that we will use for authenticating the connection to our server is located in the Public key for pasting into OpenSSH authroized_keys file: box at the top of the window.
The next step is to use PuTTY to remote into our Ubuntu Server and add our public key to Ubuntu’s authorized_keys file. To do this open up PuTTY and configure it to connect to your server by entering the following information:
1.Your server’s IP address in the Host Name (or IP address) field.
2. Add your user name, do this by clicking Data and entering your username in the Auto-login username field. My username is allan.
3. Next expand SSH and click Auth. Click the Browse button and find your private key (we named it id_rsa.ppk).
4. Before you click Open and connect to the server, lets save this Session by scrolling up and clicking Session, then naming the session and clicking Save.
Now that the session is saved lets click Open and connect to the server. You will notice at this point that the “Server refused our key”, this is because we haven’t yet given the server our public key.
Type your password to finish logging in and we will add our public SSH key to the server.
First you’ll need to create the .ssh directory in your home folder.
When you login you always start at your home folder, if you’ve been doing other things and are not currently in your home folder you can simply type cd ~ and you will change your current directory to your home directory.
Once in your home directory type the following four commands. These commands first create the .ssh directory, set the appropriate folder permissions, navigate into that directory, and then open a new file named authorized_keys in nano, my favorite Ubuntu text editor.
chmod 700 .ssh
The next step requires us to copy the public from PuTTYgen into the waiting nano text editor. Highlight the text in PuTTYgen, ctrl+C to copy, and then simply right click anywhere inside the open PuTTY window. When finished your PuTTY session should look something like this:
To save and exit nano hit ctrl+x, then type y, and hit enter.
Next we have to change the permissions of the authorized_keys file by typing
chmod 600 authorized_keys. (Tip: after you type the a of authorized_keys you can hit the tab key and Ubuntu will fill in the rest of the name for you.)
When you connect this time you should be fully logged in after you connect.
This is a good point make your server headless, as in removing the monitor and keyboard. You can now remote into your server, which means you can put it into its permanent physical home and still connect to it.
I put my server downstairs in a storage room with the rest of my networking hardware. This keeps my home office clutter free, and the storage room typically stays cooler in the basement so I don’t have to worry about overheating.
The next step is to start configuring your server, adding the services that will meet your needs. The first service I’m going to add is GitLab-ce.