The Latest
set up SSH keys on centos 1

How to Set Up SSH Keys on CentOS 8

November 5, 2021

Secure Shell, widely known as SSH, is a protocol designed to communicate with and administer the server. It is crucial to know how to set up SSH Keys on CentOS 8 server and connect to a terminal session through the server.

SSH is a cryptographic protocol designed for connection between a server and a client. It provides a secure and safe method of logging into the server. Hence, it is recommended for all the users and server administrators to learn this task. Furthermore, the two mechanisms for SSH authentication are public-key-based and password authentication mechanisms. Also, SSH Keys are more secure than traditional password authentication. 

This article describes how to generate SSH keys on CentOS 8 Systems. This article will also discuss how to access servers via SSH without using the traditional password mechanism. 

Step 1: Generate a Key Pair on the Client Machine

The first step to set up SSH Keys is to generate a key pair on the client machine. In this tutorial, we will assume that our client is a local PC. To generate key pair, use the following command:

ssh-keygen

This command will generate a 2048-bit key pair. For a higher level of security, you can add a -b flag to the command. This flag will generate a 4096-bit key pair. After executing this command, the Terminal will ask you the location to save the generated key pair. In this case, you can either press the “Enter” key to save at the current location, or you can just type the new path. 

On a side note, if a pair of keys exist, you will get an alert stating to overwrite the existing key pair. After specifying the path, the command will ask you to add an optional passphrase. You can either choose to type it to increase the security level or skip it. After that, press the “Enter” key to continue. 

You will get an output like the image given below:

CentOS 8 Client

If the key pair generation is successful, you will have two files: 

  • id_rsa: this is a private key, and you should not share it with anyone.
  • id_rsa.pub: this is a public key. You can distribute it.

Step 2: Copy the Public Key on the CentOS 8 Server

The next step is to add the public key to your CentOS 8 Server machine. The quickest way to achieve this is to use an ssh-copy-id tool. It is pre-installed on almost all operating systems. In contrast, you can also copy the key directly via SSh. Let us look at each method in detail:

1. Copy the Key via ssh-copy-id

This command-line tool is used to copy the public key pair on the server. To use this tool, the first step is to specify the login data. You will use this login data to connect to the server. Secondly, you will have to specify the remote host where you will send your public key pair. 

For this step, type and execute:

ssh-copy-id user@remote_host

Make sure to replace the “user” with the server username and “remote_host” with the server’s public IP. When creating a connection for the first time, you will get an alert informing you that your server is not recognized. Type “Yes” and then press the “Enter” key to continue. 

After that, you will get a prompt to enter the password. Type it, and press the “Enter” key. If the operation is successful, you will get a similar output. 

CentOS 8 Server

2. Copy the Key via SSH on CentOS 8

In case the ssh-copy-id tool is not installed on your CentOS 8 Server, you can still copy the key pair using SSH. For this step, you will use the cat command combined with the ssh command to copy the public key pair.

For example:

cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

Through this example, you can easily add your public key pair to the authorized_keys folder without overwriting the existing content. 

3. Copy the Key Pair Manually on the CentOS 8 Server

The last method to copy the key pair is to do it manually. For this operation, follow the steps listed below:

1. First, print the file’s contents “~ / .ssh / id_rsa.pub” using the cat command. 

2. Secondly, navigate to the folder where you generated the keys. The default path is home/your_username/.ssh/.

For example: 

cd /home/your_username/.ssh/

Make sure to replace the username with your client machine name.

3. Thirdly, execute the command given below:

cat id_rsa.pub

You will get a similar output:

copy the SSH key on CentOS 8 server

4. The next step is to check if the ssh folder exists or not. For this, we will use the mkdir command.

For example:

mkdir -p ~/.ssh

The mkdir command will create the folder if it does not exist.

5. After that, connect to your server machine using the ssh command. 

For example:

ssh user@remote_host

Make sure to replace the “user” with the server username and “remote_host” with the server’s public IP.

6. After that, you will copy all the output into the authorized_keys file using the echo command.

For example:

echo public_key >> ~/.ssh/authorized_keys

The output below shows the process of manually copying the command. You will also get a similar output. 

set up SSH keys on CentOS 8

7. Finally, execute the command given below: 

chmod -R go= ~/.ssh

8. Lastly, specify the authorized username instead of the “user” parameter when executing the following command:

chown -R user:user ~/.ssh

Step 3: Access the CentOS 8 Server via SSH keys

Now that you have successfully copied the public key pair on the server, you will now need to access the server via SSH keys. To access the server, use the ssh command.

For example:

ssh user@remote_host

Make sure to replace the “user” parameter and “remote_host” parameter like you did in the previous step. After you execute the command, you will also have to enter the passphrase if you have identified it previously.

You will get a similar output as shown below:

access the CentOS 8 via SSH keys

Step 4: Disabling password-based login to Set Up SSH Keys on CentOS 8

If you have completed step 3, you must access the server without using the password for the login. The password is not required as it exposes the server to brute force attacks and makes it vulnerable. Therefore, it is a good practice to disable it permanently. 

To perform this step, open the server as a root user and open the sshd_config file using the vim editor.

For example: 

sudo vi /etc/ssh/sshd_config
set up SSH keys on CentOS 8 final step

After opening the file, search for the PasswordAuthentication field and set its value to “no”. Then delete the symbol # to uncomment and exit the Vim editor. You can also check out our detailed article on how to use the Vim editor

Lastly, restart the server to apply all the changes. 

For example:

sudo systemctl restart sshd

Finally, you have completed the process of how to set up SSH keys on the CentOS 8 Server

The SSH service protocol is the main access point to our servers. In this article, you have set up SSH Keys for your CentOS 8 Servers with an encrypted authentication mechanism. You have also learned how to disable password authentication to avoid exposing the server.

If this guide helped you, please share it.

Author
Sidrah Abdullah
Sidrah is a staff writer at Distroid and has a Masters in Computer Science, with her key two focus areas being SQL and DevOps. She has written over 100 posts and specializes in all things Linux. She also has experience trying out various other distros, BASH scripting, Git, and software testing. LinkedIn GitHub
Leave a Reply
Related Posts