How To Set Up SSH Keys on CentOS 7

We'll show you how to set up SSH keys on CentOS 7. SSH (Secure Socket Shell) is an open source, UNIX-based network protocol that gives users a secure, encrypted way to log in to remote computers, transfer files securely between computers (SCP), execute commands on remote servers, automate tasks between multiple servers on the network, and much more. SSH supports several authentication methods. In this tutorial we will configure SSH with public key authentication on a CentOS 7 VPS, so instead of logging in to your CentOS 7 VPS with a username and password as usual, you will authenticate with a trusted SSH key, which increases the security of your server.

Prerequisites

– Two CentOS 7 servers (local and remote) with OpenSSH installed.
– SSH root access to the VPS which comes by default with all our VPS hosting plans.

Create an SSH key pair on the local server

Make sure that OpenSSH is installed on both servers. You can check whether it is installed with the following command:

ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

In case it is not installed, you can easily install OpenSSH:

yum -y install openssh

First we will create an SSH public and private key on the local server using the ssh-keygen tool provided by OpenSSH. You will be prompted for the location of the key; if there is no other key, you can use the suggested location. You will also be prompted to enter a passphrase for your private key or leave it empty. Our recommendation is to set a strong passphrase. Run the following command to create a key pair with the RSA algorithm:

ssh-keygen -t rsa
Output:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FwWsYtA474WmEreIPiQnIG39nq7m90oPPvYXg5cjmb0 root@cekov
The key's randomart image is:
+---[RSA 2048]----+
| o .... |
| + . .. |
| . . + . .. |
|o + o * o . |
|oo + B oS=.. |
|+.+ o o =.B |
|+o . .o. o = |
| o .o*o E |
| .oo=+=+. |
+----[SHA256]-----+

This will create a 2048-bit key pair in the /root/.ssh directory on the local server, as shown above. Once the key pair is created on the local server, we have to copy the public key to the remote system that you want to access via SSH.

Copy the public key to the remote server

Next, we need to copy the newly created public key to our remote CentOS 7 VPS. We can easily do this using the ‘ssh-copy-id’ script.

ssh-copy-id -p Port_Number root@IP_ADDRESS

You should get the following output:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '[IP_ADDRESS]:Port_Number ([IP_ADDRESS]:7022)' can't be established.
ECDSA key fingerprint is SHA256:yHkLjJ/J3AYiY5Q51UQdi8p8Fpg/P9frCIHCgu/NOYg.
ECDSA key fingerprint is MD5:96:e8:c6:6e:a0:77:7a:db:e6:d7:04:29:04:8c:50:e1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@IP_ADDRESS's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh -p 'Port_Number' 'root@IP_ADDRESS'"
and check to make sure that only the key(s) you wanted were added.

Here IP_ADDRESS is the actual IP address of the remote server. The public key has been added, and you should now be able to log in to the remote CentOS 7 VPS without entering the account password. Run the following command:

ssh -p 'Port_Number' 'root@IP_ADDRESS'

That's all. If you followed the tutorial closely, you have configured SSH passwordless authentication between two CentOS servers. You can strengthen the security of your server further by disabling password authentication. Confirm that the key-based login above works first, and keep your current session open while you make the change, so that a mistake does not lock you out. To do this, open the SSH configuration file and set PasswordAuthentication to no, as shown below:

nano /etc/ssh/sshd_config

PasswordAuthentication no

Save the file and restart the SSH server for the changes to take effect.

systemctl restart sshd
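
sshd keeps the first value it reads for each keyword, so a "PasswordAuthentication no" line added below an existing "PasswordAuthentication yes" has no effect. The script below is an added example, not part of the original tutorial: it reports the value that wins in an sshd_config-style file. The function names and the sample file are constructed for illustration, and Include directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# sshd keeps the FIRST value it reads for a keyword, so appending
# "PasswordAuthentication no" below an existing "yes" changes nothing.

# Print the global value of keyword $1 in sshd_config-style file $2
# (empty output if unset). Assumption: Include directives are not followed.
effective_setting() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }              # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)        # "Key value" or "Key=value"
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") exit         # settings after Match are conditional
            if (key == want) { gsub(/"/, "", f[2]); print f[2]; exit }
        }
    ' "$2"
}

# Succeeds (exit 0) if password logins are still accepted globally.
# sshd defaults PasswordAuthentication to "yes" when it is not set.
password_login_allowed() {
    [ "$(effective_setting PasswordAuthentication "$1")" != "no" ]
}

# Constructed sample: the "no" was appended below an earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 7022
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
EOF

if password_login_allowed "$sample"; then
    echo "password logins still allowed (effective: $(effective_setting PasswordAuthentication "$sample"))"
else
    echo "password logins disabled"
fi
rm -f "$sample"
```

On the server itself, `sshd -t` checks the configuration file for errors before you restart, and `sshd -T` prints the configuration sshd will actually use.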
