SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication. The major advantage of key-based authentication is that, in contrast to password authentication, it is not prone to brute-force attacks, and you do not expose valid credentials if the server has been compromised.

Furthermore, SSH key authentication can be more convenient than the more traditional password authentication. When used with a program known as an SSH agent, SSH keys can allow you to connect to a server, or multiple servers, without having to remember or enter your password for each system.

Key-based authentication is not without its drawbacks and may not be appropriate for all environments, but in many circumstances it can offer some strong advantages. A general understanding of how SSH keys work will help you decide how and when to use them to meet your needs.

In this guide, we’ll set up SSH keys on CentOS 7.

Generate a Key Pair

  • Open Terminal
# ssh-keygen
Enter file in which to save the key (/home/<username>/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):

Enter same passphrase again:
Your identification has been saved in /home/<username>/.ssh/id_rsa.
Your public key has been saved in /home/<username>/.ssh/id_rsa.pub.

The key fingerprint is: SHA256:gGJtSsV8BM+7w018d39Ji57F8iO6c0N2GZq3/RY2NhI
[email protected]
The key's randomart image is:

+---[RSA 3072]----+
| ooo. |
| oo+. |
| + +.+ |
| o + + E . |
| . . S . . =.o|
| . + . . [email protected]|
| + . oo*=O|
| . . .+=o+|
| o=ooo+|
+---- [SHA256] -----+

You now have a public and private key that you can use to authenticate. The next step is to place the public key on your server so that you can use SSH-key-based authentication to log in.

Upload your Public Key

There are a few different ways to upload your public key:

1. Using ssh-copy-id

ssh-copy-id is a utility available on some operating systems that can copy an SSH public key to a remote server over SSH.

# ssh-copy-id your_username@remote_host

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/your_username/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
your_username@remote_host password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'your_username@remote_host'"
and check to make sure that only the key(s) you wanted were added.

2. Using Secure Copy (scp)

Secure Copy (scp) is a tool that copies files from a local computer to a remote server over SSH.

Connect to your server via SSH with the user you would like to add your key to:

# ssh your_username@remote_host

Create the ~/.ssh directory and authorized_keys file if they don’t already exist:

mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys

Give the ~/.ssh directory and authorized_keys file appropriate file permissions:

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

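In a terminal on your local machine, use scp to copy your SSH public key (id_rsa.pub) to the authorized_keys file on your server. This replaces the file on the server, so any keys already listed in it are lost; if other keys are installed, use ssh-copy-id or the manual method instead.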

scp ~/.ssh/id_rsa.pub your_username@remote_host:~/.ssh/authorized_keys

Now you can log in to the server with your key.

3. Copying Public Key Manually

If you do not have password-based SSH access to your server available, you will have to complete the above process manually.

We will manually append the content of your id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.

To display the content of your id_rsa.pub key, run this on your local computer:

# cat ~/.ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyVGaw1PuEl98f4/7Kq3O9ZIvDw2OFOSXAFVqilSFNkHlefm1iMtPeqsIBp2t9cbGUf55xNDULz/bD/4BCV43yZ5lh0cUYuXALg9NI29ui7PEGReXjSpNwUD6ceN/78YOK41KAcecq+SS0bJ4b4amKZIJG3JWmDKljtv1dmSBCrTmEAQaOorxqGGBYmZS7NQumRe4lav5r6wOs8OACMANE1ejkeZsGFzJFNqvr5DuHdDL5FAudW23me3BDmrM9ifUzzjl1Jwku3bnRaCcjaxH8oTumt1a00mWci/1qUlaVFft085yvVq7KZbF2OPPbl+erDW91+EZ2FgEi+v1/CSJ5 [email protected]

Note that the public key is a single line that begins with ssh-rsa and ends with the key's comment ([email protected] above).

Copy that text, then connect to your server via SSH as the user you would like to add your key to:

# ssh your_username@remote_host

Create the ~/.ssh directory and authorized_keys file if they don’t already exist:

# mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys

Give the ~/.ssh directory and authorized_keys files appropriate file permissions:

# chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Open the authorized_keys file with a text editor. Then paste the public key that you copied in step one on a new line at the end of the file, keeping it on a single line. Save and close the file.

Now you can log in to the server with your key.
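The server-side steps of methods 2 and 3 can be combined into one function that appends a key instead of overwriting the file and skips keys that are already installed. This is an added example, not part of the original guide; the function name install_pubkey and its arguments are hypothetical, and it assumes the .pub file has already been copied to the server.

```sh
#!/bin/sh
# Added example, not from the original guide. install_pubkey and its
# arguments are hypothetical names chosen for this illustration.
#
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends one public key to HOME_DIR/.ssh/authorized_keys unless it is
# already there. Returns 1 if the file does not look like a public key.
install_pubkey() {
    local pub home dir auth line type blob
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line in $pub" >&2; return 1; }
    line=$(cat "$pub")
    type=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')

    # Reject private keys and anything else that is not a public key line.
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data in $pub" >&2; return 1 ;;
    esac

    # Same layout and modes as the manual steps above.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Match on "<type> <base64>" so a different comment is not a new key.
    if grep -qF -- "$type $blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # Append (>>) rather than overwrite, so keys already installed survive.
    # If the file lacks a final newline, add one before the new entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >>"$auth"
    fi
    printf '%s\n' "$line" >>"$auth"
    echo "key added to $auth"
}
```

On the server, run it as install_pubkey /path/to/id_rsa.pub; the optional second argument exists only so the function can be tried against a scratch directory.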

Creating SSH shortcuts

Instead of connecting to an IP address that you’ll definitely forget, you can define shortcuts in your SSH client configuration file.

# cd ~/.ssh

# vi config

Add an entry for each computer you want to connect to, like this:

Host test
   HostName remote_host
   Port 22
   User your_username
   IdentityFile ~/.ssh/id_rsa

Now, you can ssh into the server with the shortcut.

# ssh test

You should now have SSH-key-based authentication configured on your server, allowing you to sign in without providing an account password.
