CentOS 8 Setting Up Access With SSH
Introduction
This guide explains how to create SSH keys, add the public key to your CentOS 8 server, and configure sshd
for passwordless login.
Step 1 – Creating SSH key pair
First, you need to create a SSH key pair on your computer if you already don’t have them.
In your terminal on your local computer, run:
ssh-keygen
After that, running this command, you should see the following prompt:
Output
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):
Press ENTER to save this SSH key pair into the ./ssh
subdirectory in your home directory, or specify an alternate path if you want.
After this you should see the following output:
Output
Your identification has been saved in /your_home/.ssh/id_rsa.
Your public key has been saved in /your_home/.ssh/id_rsa.pub.
The key fingerprint is:
your_fingerprint_key username@remote_host
The key's randomart image is:
+--[ RSA 2048]----+
| ..o |
| E o= . |
| o. o |
| .. |
| ..S |
| o o. |
| =o.+. |
|. =++.. |
|o=++. |
+-----------------+
In the above example your_home
is your computer’s home directory
You have created a public and private key pair. We will copy the public key to the server. To view your public key:
cat ~/.ssh/id_rsa.pub
You will see very long string that starts with ssh-rsa.
Step 2: Adding SSH key to CentOS server
SSH to your server and create the .ssh
directory, if it doesn’t already exist:
mkdir -p ~/.ssh
Add the public key from Step 1 to ~/.ssh/authorized_keys
. Replace public_key_string
with the contents of id_rsa.pub
from Step 1:
echo public_key_string >> ~/.ssh/authorized_keys
Log out of the server, then log back in:
ssh root@your_server_ip
If you’re connecting like this to your server for the first time, you will see the following message:
Output
The authenticity of host 'your_server_ip' can't be established.
ECDSA key fingerprint is your_finderprint_id.
Are you sure you want to continue connecting (yes/no)?
If you see this message, answer yes
and press ENTER
You will also be prompted for your server root password. We will cover how to disable this in the next step.
Step 3: Disabling Password Authentication
Your SSH key based authentication is configured, but password authentication is still active.
To change this you need to make some changes to the file sshd_config
which is located in /etc/ssh
directory.
After that, You can open that file with this command:
sudo vi /etc/ssh/sshd_config
In the file you need to find and change several lines
Permit Root Login should be set to yes
...
PermitRootLogin yes
...
Password Authentication should be set to no
...
PasswordAuthentication no
...
Challenge Response Authentication should be set to no
...
ChallengeResponseAuthentication no
...
Using of Password Authentication Method (PAM) should be set to yes
...
UsePAM yes
...
After you are finished making changes, press ESC and then :WQ.
For this change to take effect, restart the sshd
service:
sudo systemctl restart sshd.service
Before closing your terminal where you are connected to the server, open a new terminal window and run this command
ssh root@your_server_ip
Now you should be connected to your server without password and only with your SSH key. This means that your SSH based authentication is successfully configured and password authentication is disabled.
Need help with CentOS 8?
In conclusion, Do you need help with CentOS 8 setting up this on your own service?
Please contact us and we’ll provide you the best possible quote!