How to set up SSH keys on CentOS 8

Secure Shell (SSH) is an encrypted network protocol designed to make a secure connection between a client and a server.

The two most popular SSH authentication methods are password-based authentication and public key-based authentication. Using SSH keys is generally more secure and convenient than traditional password authentication.

This article describes how to generate SSH keys on CentOS 8. We will show you how to set up an SSH key and connect to a remote server without a password.

1. Create an SSH key on CentOS

You may already have an SSH key pair on your CentOS client. If you generate a new key pair, the old key pair will be overwritten.

Run the following ls command to check if the key file exists:

ls -l ~/.ssh/id_*.pub

If the output is similar to "No such file or directory" or "no matches found", the user does not have an SSH key pair, and you can proceed to the next step to generate one.

Otherwise, if you already have an SSH key pair, you can use it directly, or back up the old key and generate a new key pair.

To generate a 4096-bit RSA key pair with your email address as a comment, enter the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

You will be prompted to specify the file name:

Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Press Enter to accept the default file location and file name.

Next, you will be asked to enter a passphrase. Whether to set one is entirely up to you; a key protected by a passphrase is more secure. If you don't want a passphrase, press Enter:

Enter passphrase (empty for no passphrase):

To verify that your new SSH key is generated, enter:

ls ~/.ssh/id_*

Output:

/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

2. Copy the public key to the server

Now that the SSH key has been generated, the next step is to copy the public key to the server you want to manage.

The easiest and most recommended way to copy the public key to a remote server is to use the ssh-copy-id tool. Type in your local machine terminal:

ssh-copy-id remote_username@server_ip_address

This command will ask you to enter the remote_username password:

remote_username@server_ip_address's password:

Once the user is authenticated, the public key file (~/.ssh/id_rsa.pub) will be appended to the remote user's ~/.ssh/authorized_keys file, and the connection will be closed.

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@server_ip_address'"
and check to make sure that only the key(s) you wanted were added.

If ssh-copy-id is not available on your local computer, use the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
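The one-liner above appends unconditionally, so running it twice leaves duplicate entries, and it will append whatever file it is given. The following added example (not part of the original article; the function name, its arguments and the sample key are constructed for illustration) shows a server-side variant that validates the key line, sets the same 700/600 permissions, and appends only when the key is not already present.

```shell
#!/bin/sh
# Added example: idempotent, validated variant of the manual copy step.
# install_pubkey PUBKEY_FILE SSH_DIR   (function and argument names are
# this example's own). Run it on the server as the target user.
install_pubkey() (
    pub=$1 dir=$2 auth=$2/authorized_keys
    # A public key file is one line: "type base64-blob [comment]".
    [ "$(wc -l < "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 2; }
    key=$(awk '{ print $1 " " $2 }' "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key (private key file passed?)" >&2; exit 2 ;;
    esac
    umask 077                               # subshell: caller umask untouched
    mkdir -p "$dir" && chmod 700 "$dir"     # sshd StrictModes rejects
    touch "$auth"   && chmod 600 "$auth"    # group/world-writable paths
    # Match on type+blob so a changed comment does not add a duplicate.
    if awk -v k="$key" '($1 " " $2) == k { f = 1 } END { exit !f }' "$auth"
    then echo "already present"
    else cat "$pub" >> "$auth" && echo "added"
    fi
)

# Demo on a constructed key in a scratch directory (not a real key).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY user@example.com\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # first run appends
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run is a no-op
rm -rf "$demo"
```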

3. Use the SSH key to log in to your server

After completing the above steps, you should be able to log in to the remote server directly without entering a password.

To verify it, try to log in to your server via SSH:

ssh remote_username@server_ip_address

If you did not set a passphrase for the private key, you will be logged in to the server immediately. Otherwise, you will be asked to enter the passphrase.

4. Disable password authentication

To make the remote server more secure, you can disable SSH password authentication.

Before continuing, make sure you can log in to your server as a sudo user without a password.

Follow the steps below to disable SSH password authentication:

  1. Log in to your remote server:
ssh sudo_user@server_ip_address
  2. Open the SSH configuration file /etc/ssh/sshd_config with your text editor:
sudo nano /etc/ssh/sshd_config
  3. Search for the following directives and modify them as follows:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
  4. Once completed, save the file and restart the SSH server:
sudo systemctl restart sshd

At this time, password-based authentication is disabled.
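sshd uses the first value it finds for each directive, so an earlier line in the file can silently override the edit. The following added example (not part of the original article; the function name and the sample lines are constructed) reads the effective settings printed by `sshd -T` and reports whether password logins are really off; run it from your existing session before you log out.

```shell
#!/bin/sh
# Added example: check that sshd will really refuse password logins.
# On the server:  sudo sshd -t && sudo sshd -T | audit_sshd_auth

# Reads effective settings ("key value", lower-cased, as printed by sshd -T)
# on stdin. Prints findings; returns 0 only when key-only login is enforced.
audit_sshd_auth() {
    awk '
        $1 == "passwordauthentication" { pw = $2 }
        $1 == "pubkeyauthentication"   { pk = $2 }
        # Newer OpenSSH prints kbdinteractiveauthentication instead of (or
        # next to) challengeresponseauthentication; either one must be "no".
        $1 == "challengeresponseauthentication" ||
        $1 == "kbdinteractiveauthentication" {
            seen = 1
            if ($2 != "no") kbd = $1 "=" $2
        }
        END {
            bad = 0
            if (pw != "no")  { print "FAIL passwordauthentication=" pw; bad = 1 }
            if (!seen)       { print "FAIL no challenge-response setting found"; bad = 1 }
            if (kbd != "")   { print "FAIL " kbd; bad = 1 }
            if (pk != "yes") { print "FAIL pubkeyauthentication=" pk; bad = 1 }
            if (!bad) print "OK key-only authentication"
            exit bad
        }'
}

# Constructed sshd -T excerpts: before and after the edit described above.
SAMPLE_BEFORE='passwordauthentication yes
challengeresponseauthentication no
pubkeyauthentication yes'
SAMPLE_AFTER='passwordauthentication no
challengeresponseauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_BEFORE" | audit_sshd_auth || true
printf '%s\n' "$SAMPLE_AFTER"  | audit_sshd_auth
```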

5. Summary

We have shown you how to generate a new SSH key pair and set up SSH key-based authentication. You can use the same key to manage multiple remote servers. You have also learned how to disable password authentication and enhance the security of your server.

By default, SSH listens on port 22. Changing this default SSH port can reduce the risk of automated attacks. To simplify your workflow, use an SSH configuration file to define all your SSH connections.
