Secure Shell, or SSH, is an encrypted protocol that is used for logging on to your remote servers. It is meant to replace the more traditional way of using a password to provide authentication. In this guide, we will show you how you can generate SSH key pairs on your CentOS 8 system. Then we will proceed on how you would be able to set up an SSH-based authentication system for your servers.
1] Check for existing SSH key pairs
To get started, we need to create the public and private keys that will be used in the authentication process. There might be some already generated keys on your CentOS system, and you can check that via this command:
ls -l ~/.ssh/id_*.pub
If the output says that no such directory exists, then there are no existing keys on your system. However, even if there are any keys, you can generate new ones. Although, be sure to back up the existing keys as the new keys will overwrite them.
2] Generate new SSH keys
Now, to generate the new key pairs, run the following command:
ssh-keygen -t rsa -b 4096 -C [email@example.com]
You will then be prompted to choose a location to save the keys; press enter to select the default one.
After that, you will be asked for a passphrase. This is an extra security step, and it is optional. If you don’t want to use a passphrase, press enter to continue.
To verify the generation of the SSH keys, run the following command:
Your output should look something like this:
4] Copy the key to your server
Now that you have generated the SSH keys, it is time to use them for authentication with your server. To do that, you will be using the ssh-copy-id command-line utility.
Use the following command to install ssh-copy-id, if not already available:
cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address “mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys”
Now you need to append the SSH key to your server. Run the following command:
It will prompt you for the remote username’s password, type that in and press enter. You should be greeted with the output that a key has been added.
7] Login to your server with the SSH keys
We have successfully enabled SSH key authentication on your server now. To login using these SSH keys, run the following command:
You will be prompted for your passphrase, or if you did not set one, you would be logged in immediately.
8] Disable password authentication
Now that you have a working SSH key authentication system, there is no need for password authentication. To disable the password authentication, log in to your server.
Then open the config file using this command:
sudo nano /etc/ssh/sshd_config
Then search for these arguments and modify them accordingly:
Now, all you need to do this refresh the SSH service and the password authentication for your server would be disabled.
sudo systemctl restart ssh
Have any questions about setting up SSH keys on CentOS 8? Please feel free to leave your questions and feedback in the comments section below!