LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

How to Set Up SSH Keys on CentOS 8

Date/Time: February 8, 2021 @ 12:00 am, by Jon Biloh

Secure Shell, or SSH, is an encrypted protocol used for logging in to your remote servers. SSH keys are meant to replace the more traditional way of using a password to provide authentication. In this guide, we will show you how to generate an SSH key pair on your CentOS 8 system, and then how to set up SSH key-based authentication for your servers.

1) Check for existing SSH key pairs

To get started, we need to create the public and private keys that will be used in the authentication process. There might be some already generated keys on your CentOS system, and you can check that via this command:

ls -l ~/.ssh/id_*.pub

If the output says that no such file or directory exists, then there are no existing keys on your system. Even if keys already exist, you can generate new ones, but be sure to back up the existing keys first, as the new keys will overwrite them.

2) Generate new SSH keys

Now, to generate the new key pairs, run the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

You will then be prompted to choose a location to save the keys; press enter to select the default one.

After that, you will be asked for a passphrase. This is an extra security step, and it is optional. If you don’t want to use a passphrase, press enter to continue.

3) Verify

To verify the generation of the SSH keys, run the following command:

ls ~/.ssh/id_*

Your output should look something like this:

/home/username/.ssh/id_rsa /home/username/.ssh/id_rsa.pub

4) Copy the key to your server

Now that you have generated the SSH keys, it is time to use them for authentication with your server. To do that, you will be using the ssh-copy-id command-line utility.

If ssh-copy-id is not available on your system, use the following command instead to append the key to the server manually:

cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Otherwise, append the SSH key to your server with ssh-copy-id. Run the following command:

ssh-copy-id remote_username@server_ip_address

It will prompt you for the remote user's password. Type that in and press enter. You should be greeted with output saying that a key has been added.

5) Log in to your server with the SSH keys

We have now successfully enabled SSH key authentication on your server. To log in using these SSH keys, run the following command:

ssh remote_username@server_ip_address

You will be prompted for your passphrase or, if you did not set one, you will be logged in immediately.

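6) Disable password authentication

Now that you have a working SSH key authentication system, there is no need for password authentication. Confirm that the key-based login from the previous step works before you continue, because a mistake here can lock you out of the server. To disable password authentication, log in to your server.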

Then open the config file using this command:

sudo nano /etc/ssh/sshd_config

Then search for these directives and modify them accordingly:

PasswordAuthentication no

ChallengeResponseAuthentication no

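UsePAM yes

Keep UsePAM set to yes: the sshd_config shipped with CentOS warns that 'UsePAM no' is not supported and may cause several problems, and with the two directives above set to no, password logins are refused either way.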

Now, all you need to do is restart the SSH service, and password authentication for your server will be disabled. On CentOS 8 the service is named sshd:

sudo systemctl restart sshd
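
A common way for the step above to fail silently is to append "PasswordAuthentication no" at the end of the file while the stock "PasswordAuthentication yes" line stays higher up, because sshd uses the first value it finds for each keyword. The script below is an added example, not part of the original guide or of OpenSSH; the function names audit_sshd_config and demo_audit and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# audit_sshd_config FILE: hypothetical helper (not part of OpenSSH) that
# checks the step-6 directives the way sshd reads them: keywords are
# case-insensitive, the FIRST value for a keyword wins, and an unset
# keyword falls back to its default ("yes" for both). Include is not followed.
audit_sshd_config() {
    awk -F'[ \t=]+' '
    BEGIN {
        val["passwordauthentication"] = "yes (default)"
        val["challengeresponseauthentication"] = "yes (default)"
    }
    { sub(/^[ \t]+/, "") }                    # drop leading indentation
    /^(#|$)/ { next }                         # skip comments and blank lines
    {
        key = tolower($1); v = tolower($2)
        if (key == "match") { in_match = 1; next }
        if (!(key in val)) next
        if (in_match) {                       # a Match block overrides globals
            if (v != "no") { printf "FAIL line %d: %s %s in Match block\n", NR, $1, $2; bad = 1 }
        } else if (key in seen) {
            printf "NOTE line %d: %s ignored, already set on line %d\n", NR, $1, seen[key]
        } else { seen[key] = NR; val[key] = v }
    }
    END {
        for (k in val) {
            if (val[k] == "no") printf "OK   %s no\n", k
            else { printf "FAIL %s %s\n", k, val[k]; bad = 1 }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the stock "yes" line was left in place and "no" was
# appended at the end of the file, so sshd would still accept passwords.
demo_audit() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'ChallengeResponseAuthentication no' 'UsePAM yes' \
        'PasswordAuthentication no' > "$tmp"
    audit_sshd_config "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo_audit || echo "sample config fails the audit, as intended"
```

On the server itself, sudo sshd -t checks the file for syntax errors before you restart the service, and sudo sshd -T prints the settings sshd will actually use.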

Have any questions about setting up SSH keys on CentOS 8? Please feel free to leave your questions and feedback in the comments section below!

I'm Jon Biloh and I own LowEndBox and LowEndTalk. I've spent my nearly 20 year career in IT building companies and now I'm excited to focus on building and enhancing the community at LowEndBox and LowEndTalk.
