Set Up SSH Keys on CentOS 8

SSH

Introduction

This guide explains how to create SSH keys, add the public key to your CentOS 8 server, and configure sshd for passwordless login. The IP address 1.2.3.4 is the server address in this example.

1. Create an SSH key pair (client side)

Create an SSH key pair on your computer with ssh-keygen.

$ ssh-keygen 

After running this command, you should see the following prompt:

Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

Press ENTER to save this SSH key pair into the ./ssh subdirectory of your home directory, or specify an alternate path if you want.

After this you should see the following output:

Your identification has been saved in ~/.ssh/id_rsa.
Your public key has been saved in ~/.ssh/id_rsa.pub.
The key fingerprint is:
your_fingerprint_key username@remote_host
The key's randomart image is:
+--[ RSA 2048]----+
|     ..o         |
|   E o= .        |
|    o. o         |
|        ..       |
|      ..S        |
|     o o.        |
|   =o.+.         |
|. =++..          |
|o=++.            |
+-----------------+

You have created a public and private key pair. To view your public key:

$ cat ~/.ssh/id_rsa.pub

You will see a very long string that starts with ssh-rsa.

2. Add SSH key to CentOS server (server side)

SSH to the server and create the .ssh directory, if it doesn’t already exist:

$ mkdir -p ~/.ssh

Add the public key from step 1 to ~/.ssh/authorized_keys. Replace public_key with the contents of id_rsa.pub from step 1.

$ echo public_key >> ~/.ssh/authorized_keys

Log out of the server, then log back in:

$ ssh root@1.2.3.4

You will be prompted for your server root password.

3. Disable Password Authentication (server side)

Your SSH key-based authentication is configured, but password authentication is still active. To change this you need to make some changes to the file sshd_config which is located in /etc/ssh directory. You can open that file with this command:

sudo vi /etc/ssh/sshd_config

In the file, you need to find and change several lines Permit Root Login should be set to yes

...
PermitRootLogin   yes
...

Password Authentication should be set to no

...
PasswordAuthentication  no
...

Challenge-Response Authentication should be set to no

...
ChallengeResponseAuthentication  no
...  

Using of Password Authentication Method (PAM) should be set to yes

...
UsePAM yes
...

After making these changes, press ESC and then :WQ. For this change to take effect, restart the sshd service:

sudo systemctl restart sshd.service

Before closing your terminal, open a new terminal window and run this command

ssh root@1.2.3.4

You should connect to the server without a password. SSH-based authentication is successfully configured and password authentication is disabled.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.