Linux Tactic

Secure Remote Access to Servers: Generating SSH Keys on CentOS

SSH, or Secure Shell, is a widely used protocol that allows secure communication between two computers over an unsecured network. One of the most common uses of SSH is remote access to servers, which provides users with the ability to manage their server without physically being there.

In this article, we will discuss the process of generating SSH keys on CentOS, copying the public key to the server, and the significance of these steps.

Generating SSH Keys on CentOS

Before we delve into generating SSH keys on CentOS, we need to determine if there are any pre-existing key pairs on our system. To find out, open your terminal, and type the following command:

$ ls ~/.ssh/

This command checks the default SSH directorys existence, which is ~/.ssh/.

If it returns the error message, then the directory does not exist, and we can proceed with the generation of the key pair. Generating a new SSH key pair is relatively simple.

Begin by running the ssh-keygen command, which is the command-line tool for creating SSH keys. When prompted to enter the filename for storing the key, press Enter to save it as the default filename.

After that, you will be prompted to add a passphrase to your private key for added security. Now, hit enter to skip the passphrase setup or enter a passphrase as per your requirement.

$ ssh-keygen -t rsa

After the command runs, the system generates two files: a private key (id_rsa) and a public key (id_rsa.pub), which are both located in the ~/.ssh/ directory. We can verify key pair generation by running the ls command, which should display the public and private keys.

$ ls ~/.ssh/

Copying the Public Key to the Server

After generating our key pair, we can copy the public key to the server. There are two ways to accomplish this: using the ssh-copy-id utility or the cat command.

The ssh-copy-id utility is a straightforward method to copy the public key to the server quickly. We must pass two arguments to the ssh-copy-id command: the remote username and the IP address of the server.

$ ssh-copy-id remote_username@server_ip_address

After running this command, you will be prompted to enter the password for the remote user. Once you enter the correct password, the public key from your workstation will be added to the authorized_keys file on the server.

Alternatively, instead of using the ssh-copy-id command, we can also use the cat command to append the public key to the remote servers authorized_keys file. This method will work without the requirement of sshd service running on the server.

$ cat ~/.ssh/id_rsa.pub | ssh remote_username@server_ip_address “mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys”

This command first creates an SSH directory if it does not exist, followed by appending the public key to the authorized_keys file.

Significance of Generating SSH Keys

SSH keys provide a more secure method to authenticate when accessing remote servers compared to passwords, which can be cracked. Using SSH keys also eliminates the need to enter a password each time you access a server, which saves time and can be more efficient, especially as the number of servers accessed increases.

Moreover, it also remains critical to backup private keys as they offer access to the systems. One can store them in an encrypted USB drive or a trusted third-party system such as a password manager.

Conclusion

To sum it up, generating SSH keys on CentOS and copying the public key to the server are straightforward processes that improve security and reduce the need for repeated password entry. By following these steps, you can manage your server or remote machine efficiently and safely.

Thus, using SSH keys remains essential for secure remote connections.

3) Logging in to the Remote Server using SSH keys

Now that we have generated our SSH key pair and copied the public key to the server, we can log in to the remote server using SSH keys. When logging in, the server will prompt the SSH client to provide the decrypted private key passphrase to verify the user’s identity.

To log in to the remote server, we need to use the ssh command. The command’s syntax is as follows:

$ ssh {remote_username}@{server_ip_address}

If you followed the previous steps, you should be able to log in without a password prompt.

If you set up a passphrase for your private key, then the server will prompt you to enter the passphrase before logging in. One way to ensure that SSH key-based authentication is working is to try logging in as a user that doesn’t have a password.

If you disabled password authentication, then this should result in a failed login attempt. $ ssh {non_password_user}@{server_ip_address}

If the login attempt fails, it means SSH key-based authentication is working correctly.

On the other hand, if the login attempt succeeds, you need to double-check your SSH configuration and ensure that the PasswordAuthentication setting is set to “no.”

4) Disabling SSH Password Authentication

Disabling SSH password authentication is a security best practice and an effective way to prevent unauthorized access attempts. Instead of passwords, we will be using SSH keys to authenticate user access.

To disable SSH password authentication, we need to follow a few steps. Step 1: Log in to the remote server as a user with sudo privileges.

$ ssh {sudo_user}@{server_ip_address}

Step 2: Modify the SSH configuration file. Open the sshd_config file in an editor of your choice.

We will use the nano editor in this example. $ sudo nano /etc/ssh/sshd_config

Inside the file, find the “PasswordAuthentication” option, uncomment it, and change its value to “no.” Additionally, find the “PermitRootLogin” option, uncomment it, and change its value to “no” to prevent root login.

# Change to no to disable tunnelled clear text passwords

PasswordAuthentication no

# Change to no to disable root login for the login window

PermitRootLogin no

Save the file and exit the editor. Step 3: Restart SSH service.

To apply the changes to the SSH configuration, we need to restart the SSH service using the systemctl command. $ sudo systemctl restart ssh

After restarting the SSH service, password authentication will no longer work, and users will need to use SSH keys to authenticate.

In

Conclusion

Disabling SSH password authentication and using SSH keys instead is a security best practice that helps prevent unauthorized access attempts. By logging in to the remote server using SSH keys, we can ensure that we can securely manage our server or remote machine without the need for passwords.

By following the above mentioned steps, you can disable password authentication and enable SSH key-based authentication on the remote server. Remember to use strong passphrases and backup private keys for added security.

5)

Conclusion

In this article, we have discussed the process of generating SSH keys on CentOS, copying the public key to the server, logging in to the remote server using SSH keys, and disabling SSH password authentication.

SSH key-based authentication provides a more secure method of authentication than passwords since it eliminates the risk of password theft or cracking.

Using SSH keys also eliminates the need to enter a password each time a user logs in, saving time and increasing efficiency.

To generate an SSH key pair, we need to check for existing key pairs and then generate a new key pair using the ssh-keygen command.

Afterward, we can copy the public key to the server using either the ssh-copy-id utility or the cat command.

Once the public key is copied, we can log in to the remote server using the ssh command without needing a password.

If the passphrase was set up, the server will prompt for the passphrase before logging in. Verifying SSH key-based authentication is simple by attempting to log in using a user that doesn’t have a password.

Disable SSH password authentication improves the security of our servers. To disable password authentication, we need to modify the SSH configuration file sshd_config and set the PasswordAuthentication option to “no.” We also need to set the PermitRootLogin option to “no” to prevent root login.

Once the changes are made, we need to restart the SSH service using the systemctl command. In conclusion, SSH key-based authentication and disabling SSH password authentication are easy to implement, improves the security of our servers, and saves time and effort in managing our servers.

Following these best practices can help prevent unauthorized access attempts to our servers, keeping sensitive data secure and safe. It is essential to use strong passphrases and backup private keys for added security.

In conclusion, SSH key-based authentication and disabling SSH password authentication are simple and effective methods of securing remote access to servers. Generating SSH keys, copying the public key to the server, and using the SSH command for login are essential steps for secure remote connections.

Additionally, disabling password authentication and enabling SSH key-based authentication is crucial in preventing unauthorized access attempts. By following these best practices, we can ensure the security of our servers, save time, and increase efficiency.

Remember to use strong passphrases, backup private keys, and periodically audit and update SSH configurations for added security.

Popular Posts