
How to Set Up SSH Keys on CentOS 8

Written by Admin, Updated On May 10, 2020
centos, security, ssh

SSH, or Secure Shell, is an encrypted protocol that allows a client system to communicate securely with a server. You can connect to your system remotely, perform administrative tasks and access files. Using SSH keys is a more secure way to communicate with a server than password authentication. This tutorial explains how to create SSH keys on a CentOS 8 server.

Create SSH keys on CentOS

Before you start, make sure you are logged in as root or as a user with sudo privileges.

Step 1 – Create Key Pair

First, create a key pair on the client system using the command below:

ssh-keygen

By default, the latest version of ssh-keygen generates a 2048-bit RSA key pair. If you wish to create a larger 4096-bit key, pass the -b 4096 flag.

The above command should show output like this:

Output
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):

Hit the Enter key to save the key pair in the ~/.ssh directory, or specify a location of your choice.

If you had previously generated an SSH key pair, you may see the following prompt:

/home/yourusername/.ssh/id_rsa already exists.
Overwrite (y/n)?

If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Be very careful when selecting yes.

Next, it will prompt you to enter a secure passphrase. A passphrase adds an additional security layer to your keys. It is optional; you can set one or skip it by just hitting the Enter key.

Output
Enter passphrase (empty for no passphrase):

Next, you will see output like the following:

Your identification has been saved in /home/yourusername/.ssh/id_rsa.
Your public key has been saved in /home/yourusername/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+cxkUbcUyFc7jXMHnQNlm/2O8rj+yDyP5Rnt29ov8Bc yourusername@yourdomain.com
The key's randomart image is:
+---[RSA 2048]----+
|           ..oB*o|
|           .ooo*B|
|          .  .+=*|
|         . .   o+|
|        S o     .|
|         *  .  E |
|          + .o+ +|
|           o.Oo=o|
|           .O=B=B|
+----[SHA256]-----+

Now you have a public and a private key which you can use to authenticate with your CentOS server.

You can also verify that the files were generated by typing:

ls ~/.ssh/id_*

It will show output like this:

/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub

Step 2 – Copy Public Key to Server

The next step is to place the public key on your CentOS server. A simple and fast way to copy the public key is to use the ssh-copy-id utility. Run the command below:

ssh-copy-id username@server_host

You will be prompted to enter the password for your username:

Output
username@server_ip_address's password:

Once the user is authenticated successfully, the public key will be appended to the remote user's ~/.ssh/authorized_keys file and the connection will be closed.

Output
Number of key(s) added: 1

Now try logging in to the machine with the command ssh username@server_ip_address and check that only the key(s) you wanted were added.

If your local system doesn't have the ssh-copy-id utility installed, you can use the following command to copy the public key:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

This method works only if you have password-based SSH access to your server.
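
The fallback one-liner above appends the key every time it runs and leaves file permissions to the server's umask. The following is an added example, not part of the original tutorial: a function to run on the server that installs a public key only once and sets restrictive permissions on ~/.ssh and authorized_keys. The function name install_pubkey and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper, added example)
# Appends the public key to SSH_DIR/authorized_keys unless it is already there.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Never place private key material on the server.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    key_line=$(grep -E '^(ssh-|ecdsa-|sk-)' "$pubkey_file" | head -n 1)
    blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    [ -n "$blob" ] || { echo "no public key found in $pubkey_file" >&2; return 1; }

    # sshd's StrictModes check rejects key files that are writable by
    # group or others, so create everything owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_file" && chmod 600 "$auth_file"
    umask "$old_umask"

    # Match on the base64 key body, so a different comment or an options
    # prefix on an existing line does not produce a duplicate entry.
    if grep -qF -- "$blob" "$auth_file"; then
        echo "key already present"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "key added"
}
```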

Step 3 – Login to the Server using SSH Keys

Now you should be able to log in to the remote machine without the remote user's password.

Try to connect using the ssh command:

ssh username@server_ip_address

If this is your first time logging in, you may see a prompt like the following. Type yes and hit the Enter key to continue:

The authenticity of host '192.168.27.20 (192.168.27.20)' can't be established.
ECDSA key fingerprint is ed:ed:f4:g9:66:ge:53:48:e1:55:00:fd:6d:d7:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

If you haven't set a passphrase for your key, you will be logged in immediately. Otherwise, you will be asked to enter the passphrase. After successful authentication, a new shell session will open with your user account on the CentOS server.

Step 4 – Disable SSH Password Authentication

You can add one more security layer by disabling password authentication for SSH. Before you start, make sure that you can authenticate to your server without entering a password and that you have a user account with sudo privileges.

Log in to your server using ssh:

ssh username@server_ip_address

Now edit the SSH configuration file located at /etc/ssh/sshd_config:

sudo nano /etc/ssh/sshd_config

Find the PasswordAuthentication directive. If the line is commented out, uncomment it, and set the value to no as shown below:

PasswordAuthentication no

Save and close the file. You must restart the SSH service using the command below:

sudo systemctl restart sshd

At this point, password-based authentication is disabled on your CentOS server.
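
sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line placed below an earlier PasswordAuthentication yes has no effect, and a Match block can switch passwords back on for some users. The following is an added example, not part of the original tutorial: a check that reports the value a single sshd_config file yields. The function names and the sample configuration are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# effective_password_auth [FILE]   (hypothetical helper, added example)
# Reads an sshd_config from FILE or stdin and prints, for example,
#   global=no match_override=no
effective_password_auth() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "match" { in_match = 1; next }  # global section ends here
        key != "passwordauthentication" { next }
        in_match { if ($2 == "yes") override = "yes"; next }
        first == "" { first = $2 }             # first occurrence wins
        END {
            if (first == "") first = "yes"     # unset means the default: yes
            if (override == "") override = "no"
            print "global=" first " match_override=" override
        }
    ' "$@"
}

# Constructed sample: the later "no" is ignored because "yes" comes first.
sample_sshd_config() {
    cat <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

sample_sshd_config | effective_password_auth
```

On the server, sudo sshd -t checks the edited file for syntax errors before you restart the service, and sudo sshd -T prints the configuration sshd actually resolved.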

Conclusion

You learned how to create a new SSH key pair and set up SSH key-based authentication on a CentOS 8 machine. You can set up the same key on multiple remote hosts. Finally, you also learned how to disable SSH password authentication.

By default, SSH listens on port 22. You can reduce the risk of automated attacks by changing the default SSH port.

If you have any questions or suggestions, please leave a comment below.
