Connect to Ubuntu Core with SSH

Connect to Ubuntu Core with SSH

By default, Ubuntu Core runs an OpenSSH server to enable secure remote connections to the device.

Rather than requiring a password, the server is instead configured to authenticate connections with a public SSH key linked to the Ubuntu One account used to configure the device.

The process of creating and registering this key is described below.

  1. Generate the SSH key pair
  2. Upload the public SSH key
  3. Connect to a device

Generate the SSH key pair

On Linux and macOS, the OpenSSH client package is usually pre-installed and this provides both the ssh command for connecting to servers and the ssh-keygen command used to generate an SSH public/private key pair.

First make sure you have the required directory, and that it has the correct permissions:

mkdir -p ~/.ssh
chmod 700 ~/.ssh

Now run ssh-keygen -t rsa to generate the key pair. You will be asked for a filename and a passphrase. You may want to call the file something related to your Ubuntu Core device, such as id_ubuntucore in the example output below, but this is arbitrary. A passphrase is not necessary but can add an extra layer of security.

$ cd ~/.ssh
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key ($HOME/.ssh/id_rsa): id_ubuntucore
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ubuntucore
Your public key has been saved in id_ubuntucore.pub
[...]

This will generate a 2048-bit RSA key pair, which is secure enough for most use cases (you may optionally pass in the -b 4096 flag to the ssh-keygen command, to create a larger 4096-bit key).

If you now look at the contents of the ~/.ssh directory, you will see both the private key and the public key (with a .pub filename extension) as separate files:

$ ls -1 ~/.ssh/id*
~/.ssh/id_ubuntucore
~/.ssh/id_ubuntucore.pub

Upload the public SSH key

The contents of the .pub file needs to be uploaded to the Ubuntu One account you want to associate with your Ubuntu Core device.

To add a new key, first copy the contents of the .pub public key generated in the previous step. This can be done by copying the output from cat ~/.ssh/id_<yourkey>.pub on the terminal, or by using a tool like xclip:

$ xclip ~/.ssh/id_ubuntucore.pub

The contents of the public key file need to pasted into the Public SSH Key box beneath Import new SSH key on https://login.ubuntu.com/ssh-keys:

image

Click on Import SSH key to complete the process.

This SSH keys page lists all the keys associated with your account. It lets you delete those you no longer need, and add new keys.

Every key listed here will be added to the ~/.ssh/authorized_keys file on your Ubuntu Core devices when they are initialised, permitting SSH access to accounts with the private key.

Connect to a device

If there is only one SSH key associated with your account, you can SSH to a newly provisioned Ubuntu Core device with your Ubuntu One username and the IP address of your device, as shown in the terminal of the Ubuntu Core device:

ssh <username>@<device-ip-address>

To use a specific key, such as the id_ubuntucore key pair created earlier, use the ssh -i argument:

$ ssh -i ~/.ssh/id_ubuntucore username@192.168.1.00 

You can find all the public keys capable of being used to connect to an Ubuntu Core device within your home account’s ~/.ssh/authorized_keys file.

1 Like