<< Creating the Virtual Machine

Now that we have our VM setup and booted to the Ubuntu installer we can go ahead and install Ubuntu Server. Follow the steps below to install Ubuntu Server. You can use Space to select things, Tab and Arrow keys to navigate the installer UI.

1. Select your Language
2. Done
3. Set your preferred keyboard layout
4. Done
5. Verify network connection info
6. Done
7. Done
8. Done
9. Use An Entire Disk
10. Done
11. Select your Disk.
    • It may say “local disk”, “MSFT Disk”, etc. etc.
12. Enter
13. Done
14. Continue
15. Fill out the following fields:
    • Your Name
    • Your Server’s Name: <must be all lowercase>
    • Pick a username: <must be all lowercase>
    • Choose your password
    • Confirm your password
16. Done
17. Install OpenSSH Server: <checked>
    • Don’t worry about the ssh key stuff as we will do this later.
18. Done
19. Deselect anything that is enabled in Server Snaps.
20. Done
21. Wait for Installation to complete and select reboot.

Since this is a VM you can just press enter to continue when asked to remove the installation media as Hyper-V will auto boot to the VHD. After the reboot process has completed, you will be greeted by a login screen:

You can now login to your VM using the username/password you specified during installation.

After you are logged in, run sudo apt-get update to update package repositories.

Now run sudo apt-get upgrade -y to update packages.

This next section uses the OpenSSH Client feature in Windows 10 1809+. Prior versions of Windows do not have the ability to add the OpenSSH client feature. You will need to install PuTTy to do SSH connections on prior editions of Windows.

You should update to Windows 10 as Windows 7 is now EOL (End Of Life) as of 14 January, 2020!

Securing Ubuntu SSH access via key file

To install this service run the following two PowerShell commands:

# PowerShell [Hyper-V Host]
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

# RETURN EXAMPLE:
Name  : OpenSSH.Client~~~~0.0.1.0
State : Installed
Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

# SECOND COMMAND TO RUN:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Change OpenSSH.Client~~~~0.0.1.0 to match the version listed from first command!

By default, SSH is done through user/password authentication. To setup key file authentication (which is more secure) we need to first generate a public/private key pair. First SSH to your VM via PowerShell.

# PowerShell [Hyper-V Host]
ssh [email protected]

Then run the following to generate your new SSH key. We will be using ecdsa for our key. However you can use rsa if needed.

# BASH [Linux VM]
ssh-keygen -t ecdsa -b 521 -C "CHANGE ME TO THE NAME OF YOUR LINUX HOST"

–C indicates a comment in the key file. This can be whatever you want but usually its just the hostname of the machine. You can run hostname in the cli to get your VM’s hostname if you forgot it after setup.

Naming the SSH key file during creation will stick it in whatever directory you specify. You will need to copy the .pub key into the ~/.ssh/authorized_keys file, otherwise your key file auth will not work. See here (step 4).

Fill out the rest of the information it asks for. You can hit Enter to leave things blank or default. Run ls ~/.ssh/ to verify if your key pair was successfully created.

Now we need to copy the private key file to your Windows machine. For this we can use an FTP client. Such as FileZilla. Connect to your VM via FTP and navigate to /home/YOUR USERNAME/.ssh.

Step	Description
1.	Host: sftp://IP.Of.VM Username: VM UserName Password: VM User Password
2.	Port = 22
3.	Navigate to /home/YOUR USER NAME/.ssh
4.	Click quickconnect.
5.	Double click your private key to download it.

Your key will end up in your default downloads directory. Copy the key to a folder called .ssh in your C:\Users\YOUR USERNAME\ directory.

---

You can use any FTP client you wish. You can also use the POSH-SSH PowerShell module to transfer the private key as well as WSL.

# PowerShell [Hyper-V Host]
Install-Module -Name Posh-SSH
$credential = Get-Credential
mkdir $ENV:UserProfile\.ssh
Get-SCPFile -ComputerName 'Linux Hostname/ip' -Credential $credential -RemoteFile '~/.ssh/id_ecdsa' -LocalFile $ENV:UserProfile\.ssh\id_ecdsa
Uninstall-Module -Name Posh-SSH

Thanks Scott H for verifying the SSH steps for the Posh-SSH module and helping me fix the command structure!

If you have WSL enabled you can open a bash session and use SCP there instead.

# BASH via WSL [Hyper-V Host]
scp [email protected]:~/.ssh/id_ecdsa /mnt/c/Users/YOURUSERNAME/.ssh/id_ecdsa

---

After we copy down the private key file we can test the SSH connection via the OpenSSH client package built into Windows 10 1809+.

# PowerShell [Hyper-V Host]
Start-Service ssh-agent
ssh-add $ENV:UserProfile\.ssh\id_ecdsa
Restart-Service ssh-agent

# CONNECTION STRING:
ssh -i $ENV:UserProfile\.ssh\id_ecdsa [email protected]

Editing the sshd_config file

If your connection is successful, we can go ahead and disable SSH password auth. To do this we need to edit the sshd_config file in Ubuntu.

# BASH [Linux VM]
sudo nano /etc/ssh/sshd_config

Find and edit the entries in the config file:

• PasswordAuthentication no
• ChallengeResponseAuthentication no
• UsePAM no

Now hist CTRL+X then Y to save the file and then restart the ssh service:

# BASH [Linux VM]
sudo systemctl restart ssh

You will most likely get disconnected during the ssh service restart. You can connect back to your host in a few seconds by running ssh -i $ENV:UserProfile.ssh\id_ecdsa [email protected] again in your PowerShell session. You are still able to use password auth if you connect directly to the VM via the Hyper-V console, just in case your ssh key fails!

Windows 10 SSH Client supports an ssh config file! This file can be placed in the .ssh folder and can use standard UNIX syntax!

---