
Tutorial: Set Up SSH Keys on CentOS 8


Recently, you read about SSH on Linux. In this article, you will learn how to set up SSH keys on CentOS 8. SSH is an encrypted protocol used to administer and communicate with servers, and SSH keys are a secure method for logging into your server that is recommended for all users.

 


Step 1 Creating the RSA Key Pair

ssh-keygen  

ssh-keygen creates a 2048-bit RSA key pair, which is secure enough for most cases. After entering the command, you will see the result below.

Output

Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

Press ENTER to save the key pair into the .ssh/ subdirectory in your home directory.

ssh-keygen then shows the following prompt.

Output
Enter passphrase (empty for no passphrase):

You are strongly advised to enter a secure passphrase, which adds an additional layer of security to your key. A passphrase prevents unauthorized users from logging in.

You will see the following output:

Output

Your identification has been saved in /your_home/.ssh/id_rsa.
Your public key has been saved in /your_home/.ssh/id_rsa.pub.
The key fingerprint is:
a9:49:2e:2a:5e:33:3e:a9:de:4e:77:11:58:b6:90:26 username@remote_host
The key's randomart image is:
+--[ RSA 2048]----+
|     ..o         |
|   E o= .        |
|    o. o         |
|        ..       |
|      ..S        |
|     o o.        |
|   =o.+.         |
|. =++..          |
|o=++.            |
+-----------------+

You now have a public and private key that you can use to authenticate. To use SSH-key-based authentication to log in, you must next get the public key onto your server.

 


Step 2 Copying the Public Key to Your CentOS Server

The quickest way to copy your public key to the CentOS host is a utility called ssh-copy-id. If ssh-copy-id is not available on your client machine, use one of the two alternate methods that follow.

 

Copying your Public Key Using ssh-copy-id

The ssh-copy-id tool is included by default in most operating systems, so it may be available on your local system. To use it, however, you need to have password-based SSH access to your server.

Specify the remote host that you want to connect to and the user account that you have password SSH access to. This is the account to which your public SSH key will be copied:

ssh-copy-id username@remote_host

You will see a result like the one below:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

If this is the first time you connect to a new host, your local computer will not recognize the remote host. Type yes and press ENTER to continue.

Then, the utility will scan your account for the id_rsa.pub key which you already created. It will prompt you for the password of the remote user’s account:

Output
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@203.0.113.1's password:

Type in the password and press ENTER. The utility will connect to the account on the remote host using the password you provided. It will copy the contents of your ~/.ssh/id_rsa.pub key into the remote account’s ~/.ssh/authorized_keys file.

The output will be as below:

Output

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@203.0.113.1'"
and check to make sure that only the key(s) you wanted were added.

Copying Public Key Using SSH

If ssh-copy-id is not available but you have password-based SSH access to an account on your server, you can upload your key using a more conventional SSH method.

You can use the cat command to read the contents of the public SSH key on your local computer and pipe it through an SSH connection to the remote server.

On the remote side, you can make sure that the ~/.ssh directory exists and has the correct permissions.

The content you piped over is then appended to a file called authorized_keys within this directory. You can see the full command below.

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

You may also see the following message.

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

You see this if your local computer does not recognize the remote host. Type yes and press ENTER to continue.

Then, you will be asked to enter the remote user account password:

Output
username@203.0.113.1's password:

Copying Public Key Manually

If password-based SSH access to your server is not available, you need to complete the above process manually.

Append the content of your id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.

To display your id_rsa.pub key, type this into your local computer:

cat ~/.ssh/id_rsa.pub

As below, you will see the key’s content.

Output
ssh-rsa AAAA… noodi@host

After logging in to your account on the remote server with whatever method you have available, check that the ~/.ssh directory exists. If it does not exist, enter the command below to create it.

mkdir -p ~/.ssh

Then, create or modify the authorized_keys file within this directory.

echo public_key_string >> ~/.ssh/authorized_keys

Substitute public_key_string with the output of the cat ~/.ssh/id_rsa.pub command. It should start with ssh-rsa AAAA….

Finally, ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:

chmod -R go= ~/.ssh

If you are using the root account to set this up, make sure that the ~/.ssh directory belongs to the user and not to root:

chown -R noodi:noodi ~/.ssh

In this example the user is named noodi; substitute the appropriate username into the above command. Now you can attempt key-based authentication with your CentOS server.
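An idempotent form of the authorized_keys steps from the two sections above, added here as an example and not part of the original tutorial. The function name install_pubkey and the list of accepted key types are assumptions; unlike a bare >>, it skips a key that is already installed and does not glue the new key onto a last line that lacks a trailing newline.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the tutorial).
# install_pubkey PUBKEY_FILE HOME_DIR
#   Returns 0 if the key was added or is already present, 1 on bad input.
install_pubkey() {
    local pubkey_file="$1" home_dir="$2"
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys" key

    # Accept exactly one non-empty line that starts with a public key type;
    # this rejects a private key file passed by mistake.
    [ -r "$pubkey_file" ] || return 1
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || return 1
    key=$(grep . "$pubkey_file")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac

    # Same end state as `chmod -R go= ~/.ssh`: no group/other access.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    # Already installed: do nothing, so re-running never duplicates the key.
    grep -qxF -- "$key" "$auth" && return 0

    # If the last line has no trailing newline, add one so the new key
    # does not end up on the same line as an existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

On the server it would be called as install_pubkey /path/to/id_rsa.pub "$HOME" by the account that will log in.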

 

Step 3 Logging In to Your CentOS Server Using SSH Keys

After successful processing, you should now be able to log into the remote host without the remote account’s password.

ssh username@remote_host  

If this is the first time you are connecting to this host, you may see something like this:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

Step 4 Disabling Password Authentication on Your Server

Once you have confirmed that your remote account has administrative privileges, log into your remote server with SSH keys (as root or with an account with sudo privileges) and open the SSH daemon's configuration file:

sudo vi /etc/ssh/sshd_config

Now search for a directive called PasswordAuthentication. Press i to put vi into insert mode, then uncomment the line and set the value to no. This disables logging in via SSH using account passwords.

 

...
PasswordAuthentication no
...

 

After finishing all changes, press ESC and then type :wq. To apply these changes, restart the sshd service:

sudo systemctl restart sshd  

Before closing your current session, test that the SSH service is functioning correctly.

ssh username@remote_host

Once you have confirmed that the SSH service works properly, you can close all server sessions. The SSH daemon on your CentOS server now responds to SSH keys.
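A check for the edit made in this step, added here as an example and not part of the original tutorial. sshd uses the first value it obtains for each keyword, so a PasswordAuthentication no line placed below an earlier active yes line has no effect, and a Match block can turn passwords back on for some users; the two function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helpers, not from the tutorial).

# Print the global value sshd would use: the first active
# PasswordAuthentication line that appears before any Match line.
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # trim, allow key=value
        /^#/ || /^$/ { next }                              # comments, blank lines
        { kw = tolower($1) }                               # keywords ignore case
        kw == "match" { exit }                             # global section ends
        kw == "passwordauthentication" { val = $2; found = 1; exit }
        END { print (found ? val : "yes") }                # unset means yes
    ' "$1"
}

# Print the line numbers of Match-block lines that re-enable passwords.
match_password_overrides() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "passwordauthentication" && $2 == "yes" { print NR }
    ' "$1"
}
```

On the server itself, sudo sshd -t checks the edited file for syntax errors before the restart, and sudo sshd -T prints the effective settings, including passwordauthentication.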

 

Tom Veitch
Eldernode Writer