Installing Ubuntu Server

With our VM setup and booted to the Ubuntu installer we can go ahead and install the OS. Follow the steps below to install Ubuntu Server. You can use Space to select things, Tab and Arrow keys to navigate the installer UI.

Time needed: ~20 minutes.

Installing Ubuntu Server

  1. Select your language
    This is the system language your new OS will use. So make sure you are fluent with it.
  2. Done
  3. Set your preferred keyboard layout
  4. Done
  5. Verify your network connection info
    Make sure your VM is getting an IP from your network, and if not make sure you setup a static address so it can communicate!
  6. Done
  7. Done
  8. Done
  9. Use An Entire Disk
  10. Done
  11. Select your Disk
    It may say “local disk”, “MSFT Disk”, etc.
  12. Enter
  13. Done
  14. Continue
  15. Fill out the following fields:
    Your Name
    Your Server’s Name: <must be all lowercase>
    Pick a username: <must be all lowercase>
    Choose your password
    Confirm your password
  16. Done
  17. Install OpenSSH Server [Checked]
    Don’t worry about the SSH key stuff as we will do this later.
  18. Done
  19. Deselect anything that is enabled in Server Snaps.
    You won’t be using snaps for anything on this server.
  20. Done
  21. Wait for Installation to complete and select reboot.

Post Install

In the event that the installer asks you to remove the installation media, just ignore it and hit enter. Hyper-V will automatically update the boot priority for you. After the reboot process has completed, you will be greeted by a login screen.

    If you happen to get a readout for ssh key gen and cant see the login, click into the VM an hit the Enter key once. This will clear the screen and show the login view.

      After you are logged in, run sudo apt update to update package repositories.

      Now run sudo apt upgrade -y to update packages.

      This next section uses the OpenSSH Client feature in Windows 10 1809+. Prior versions of Windows do not have the ability to add the OpenSSH client feature. You will need to install PuTTy to do SSH connections on prior editions of Windows.

      You should update to Windows 10 as Windows 7 is now EOL (End Of Life) as of 14 January, 2020!

      Securing the Virtual Machine’s SSH Access via Key File

      Next we need to secure SSH access to the virtual machine using a public/private key pair. Start by installing the OpenSSH Client service feature.

      PowerShell [Hyper-V Host] - ELEVATED SESSION

      Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
      # RETURN EXAMPLE:
      Name  : OpenSSH.Client~~~~0.0.1.0
      State : Installed
      Name  : OpenSSH.Server~~~~0.0.1.0
      State : NotPresent
      # SECOND COMMAND TO RUN:
      Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
      # Change OpenSSH.Client~~~~0.0.1.0 to match the version listed from first command!

      By default, SSH is done through user/password authentication. To setup key file authentication (which is more secure) we need to first generate a public/private key pair. First SSH to your virtual machine via PowerShell.

      PowerShell [Hyper-V Host]

      ssh [email protected]

      We will be using ecdsa for our key encryption. However you can use rsa if needed by removing -t ecdsa from the command.

      BASH [Linux VM]

      ssh-keygen -t ecdsa -b 521 -C "CHANGE ME TO THE NAME OF YOUR LINUX HOST"

      C indicates a comment in the key file. I usually use the hostname for the comment. You can run hostname command in the VM’s cli to get your VM’s hostname if you forgot it after setup.

      Additionally if you specify a name during the key pair creation process, you will need to copy the newly created .pub key into the ~/.ssh/authorized_keys directory. Failure to do this will cause key auth to fail. See here (step 4).

      Fill out the rest of the information it asks for. You can hit Enter to leave things blank or default. Run ls ~/.ssh/ to verify if your key pair was successfully created.

      Obtaining the Virtual Machine’s Private Key

      Now we need to copy the private key file to your Windows machine. For simplicity’s sake we will be using an FTP client (FileZilla) to grab the private key file. Connect to your VM via FTP and navigate to /home/YOUR USERNAME/.ssh.

      Step Description
      1. Host: sftp://IP.Of.VM
      Username: VM UserName
      Password: VM User Password
      2. Port = 22
      3. Navigate to /home/YOUR USER NAME/.ssh
      4. Click quickconnect.
      5. Double click your private key to download it.

      Your key will end up in your default downloads directory. Copy the key to a folder called .ssh in your C:\Users\YOUR USERNAME\ directory.

      You can use any FTP client you wish, WSL with scp, or the POSH-SSH PowerShell module to transfer the private key.

      PowerShell [Hyper-V Host]

      Install-Module -Name Posh-SSH
      $credential = Get-Credential
      mkdir $ENV:UserProfile\.ssh
      Get-SCPFile -ComputerName 'Linux Hostname/ip' -Credential $credential -RemoteFile '~/.ssh/id_ecdsa' -LocalFile $ENV:UserProfile\.ssh\id_ecdsa
      Uninstall-Module -Name Posh-SSH

      Thanks Scott H for verifying the SSH steps for the Posh-SSH module and helping me fix the command structure!

      WSL Users: Open a bash session locally and use SCP to obtain the ssh key!

      BASH via WSL [Hyper-V Host]

      scp [email protected]:~/.ssh/id_ecdsa /mnt/c/Users/YOURUSERNAME/.ssh/id_ecdsa
      

      After we copy down the private key file we can test the SSH connection via the OpenSSH client package built into Windows 10 1809+.

      PowerShell [Hyper-V Host]

      Start-Service ssh-agent
      ssh-add $ENV:UserProfile\.ssh\id_ecdsa
      Restart-Service ssh-agent
      # CONNECTION STRING:
      ssh -i $ENV:UserProfile\.ssh\id_ecdsa [email protected]

      Editing the Virtual Machine’s sshd_config File

      If your connection is successful, we can go ahead and disable SSH password auth. To do this we need to edit the sshd_config file in Ubuntu.

      BASH [Linux VM]

      sudo nano /etc/ssh/sshd_config

      Now find and edit the entries in the config file:

      • PasswordAuthentication no
      • ChallengeResponseAuthentication no
      • UsePAM no

      Then hit CTRL+X then Y to save the file and restart the ssh service:

      BASH [Linux VM]

      sudo systemctl restart ssh

      After running the restart command, you will get disconnected from the VM. Give it a few seconds to a minute and then connect back to your host by running ssh -i $ENV:UserProfile.ssh\id_ecdsa [email protected] again in your PowerShell session.

      By the way the Hyper-V console acts as a physical host connection (think monitor, keyboard and mouse) to the VM. Which allows you to use your user/pass to gain access to the VM if SSH access dies for some reason.

      Windows 10 SSH Client supports an ssh config file! This file can be placed in the .ssh folder and can use standard UNIX syntax!