How to Setup SSH Key on CentOS 7

Secure Shell (SSH) is an encrypted protocol used by Linux users to connect to remote servers. Users can normally access their servers in two ways: password-based authentication or public-key-based authentication. Public key authentication is highly recommended as a safer alternative to password authentication.

Here I will show you the steps to generate and set up an SSH key on CentOS 7. I will also show you how to connect to a remote server using an SSH key and how to disable password authentication.

If the remote server already has SSH, the command shows you which version is running. Currently, my version is OpenSSH_7.4p1.

We will create the SSH key on the local machine. Here I will show how to create an SSH key on a Windows machine and how to create an SSH key on a Linux machine.

Creating SSH key on Windows machine (Windows based user)

I am using PuTTY Key Generator to create the SSH key. (You can download puttygen from this link: https://www.puttygen.com/download-putty)

Open PuTTY Key Generator and click the Generate button. Move your cursor continually in various directions until the key is generated. Once you have the key, go to Key passphrase and give some number. (Here I use 123456). Now click Save public key, then Save private key, to store both in your local directory. Done!

Creating SSH key on CentOS (Linux based user)

Step 1: Generate SSH Key

1. I am going to create a 2048-bit RSA key pair using the command:
If you want to tighten security further, you can create a 4096-bit key by adding the -b 4096 flag:
2. After the previous command, you should see something like this:
3. To save the file in the suggested directory, press Enter. Otherwise, you can specify another location.
4. Next, use some number for the passphrase: (Creating a passphrase isn’t mandatory, but it is highly advisable.)
5. Finally, the output ends by providing the following information:

Now, you need to add the public key to the remote CentOS server.
Step 2: Copy Public Key to CentOS Server

You can copy the public SSH key to the remote server using several different methods:

The easiest and fastest method is ssh-copy-id. If the option is available, I recommend that you use it. Otherwise, try one of the other methods.

Copy Public Key Using ssh-copy-id

1. Use the following command, specifying the SSH user account and the IP address of the remote server:
If this is the first time you are accessing that remote server from your local machine, you will receive the following output:
2. Confirm the connection: type yes and press Enter.
3. Once the id_rsa.pub key created on the local machine has been located, you will be asked to provide the password for the remote account. Type in the password and press Enter.
4. Once the connection has been established, the public key is added to the remote server. This is done by copying the contents of the ~/.ssh/id_rsa.pub file to the remote server’s ~/.ssh directory, where you can find it under the name authorized_keys.
5. Finally, the output tells you the number of keys added and gives you instructions on what to do next:

Copy Public Key Using Secure Copy

1. First, set up an SSH connection with the remote user:
2. Next, create the ~/.ssh directory as well as the authorized_keys file:
3. Use the chmod command to change the file permissions:
chmod 700 gives only the owner read, write, and execute access to the ~/.ssh directory, while chmod 600 allows only the owner to read and write the authorized_keys file.
4. Now, open a new terminal session on the local machine.
5. Copy the content of id_rsa.pub (the SSH public key) to the previously created authorized_keys file on the remote server by typing the command:

This way, the public key is safely stored on the remote account.

Copy Public Key Manually

1. To add the public SSH key to the remote server manually, first display the key data from the ~/.ssh/id_rsa.pub file:
2. As in the following image, the key starts with ssh-rsa and ends with the username of the local computer and hostname of the remote server:
3. Copy the content of the file.
4. Now, connect to the remote server to which you wish to copy the public key. Use the following command to connect to the remote server:
5. Create a ~/.ssh directory and authorized_keys file on the remote CentOS server with the following command:
6. Change the file permissions:
7. Next, open the authorized_keys file with an editor. Here I open it with nano; type:
8. Paste the public key you copied in step 2 on a new line (under the existing content).
9. Save the file (for nano, press Ctrl+X, then Y, then Enter to save and close the file).
10. Finally, log in to the remote server to verify that everything is set up correctly.

Step 3: Using SSH Keys to Connect to Remote Server

Once you have finished the previous steps (creating an RSA key pair and copying the public key to the CentOS remote server), you will be able to connect to the remote server without typing the password for the remote account. All you need to do is run the following command:

If you didn’t specify a passphrase while creating the SSH key pair, you will be logged in to the remote server automatically. Otherwise, type in the passphrase you supplied in the initial steps and press Enter. Once the key is confirmed, a new session opens for direct communication with the remote server.

Step 4: How to Disable Password Authentication

It is important to disable password authentication on the remote Linux server, because the password authentication system is still running on it. Password authentication may increase the risk of brute-force attacks. Disable password authentication with the following steps:

[Note: I prefer that you follow these steps through a non-root user account with sudo privileges, as an additional safety measure.]

1. Using the SSH key, log in to the remote CentOS server with an account that has administrative privileges:
2. Next, open the SSH daemon configuration file using a text editor of your choice:
3. Look for the following line in the file:
4. Copy the line, put a # in front of the original (#PasswordAuthentication yes), paste the copy below it, and change the yes value to no:
5. Save the file and exit the text editor.
6. To apply the changes, restart the sshd service using the command:
7. Verify that the SSH connection to the server is still functioning correctly.
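
The server-side edit from Step 4, as an added example that is not part of the original article: it refuses to touch the config unless an authorized_keys file holding a key and carrying the Step 2 permissions is already in place, so that disabling passwords cannot lock you out. The function names and the youruser path are assumptions for illustration; sshd -t and systemctl restart sshd are the standard OpenSSH config check and CentOS 7 restart commands.

```bash
#!/usr/bin/env bash
# Added example (not the page's code): Step 4 with a lockout guard.
# Both paths are parameters, so try it on copies before the real files.

# True only if KEYS holds at least one public key and has the Step 2
# permissions (700 on ~/.ssh, 600 on authorized_keys). stat -c is GNU stat.
key_login_ready() {
    local keys="$1"
    [ -f "$keys" ] || return 1
    [ "$(stat -c '%a' "$(dirname "$keys")")" = "700" ] || return 1
    [ "$(stat -c '%a' "$keys")" = "600" ] || return 1
    grep -v '^[[:space:]]*#' "$keys" |
        grep -Eq '(^|[ ,"])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) AAAA'
}

# Edits CONFIG as step 4 describes: every active "PasswordAuthentication yes"
# becomes a comment followed by "PasswordAuthentication no".
# Returns 1 if key login is not ready, 2 if no active "yes" line was found
# (or CONFIG could not be read).
disable_password_auth() {
    local config="$1" keys="$2" tmp
    if ! key_login_ready "$keys"; then
        echo "no usable key in $keys; leaving $config unchanged" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    if ! awk '
        tolower($0) ~ /^[ \t]*passwordauthentication[ \t]+yes[ \t]*$/ {
            print "#" $0; print "PasswordAuthentication no"; changed = 1; next
        }
        { print }
        END { exit (changed ? 0 : 2) }
    ' "$config" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    cp -p "$config" "$config.bak" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner, mode and SELinux label stay.
    cat "$tmp" > "$config"
    local rc=$?
    rm -f "$tmp"
    return "$rc"
}

# In a root shell on the server (youruser is a placeholder), then steps 6-7:
#   disable_password_auth /etc/ssh/sshd_config /home/youruser/.ssh/authorized_keys \
#       && sshd -t && systemctl restart sshd
```

Keep the current SSH session open until a second, key-based login has succeeded, so the backup in sshd_config.bak can be restored if it does not.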
