This article covers how to create a new SSH key pair and set up an SSH key-based authentication. You can set up same key to multiple remote hosts on CentOS system. Also, you will learn how to disable SSH password authentication.
SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a CentOS server, chances are, you will spend most of your time in a terminal session connected to your server through SSH.
SSH keys are typically configured in an authorized_keys file in . ssh subdirectory in the user's home directory. Typically a system administrator would first create a key using ssh-keygen and then install it as an authorized key on a server using the ssh-copy-id tool.
The public key should be stored in the ~/. ssh/authorized_keys file on the server.
To Create the RSA Key Pair:
1. Execute the command below to create a key pair on the client machine (usually your computer):
2. Press ENTER to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.
Best Practices to improve SSH Key Security:
- Discover all SSH Keys and Bring Under Active Management.
- Ensure SSH Keys Are Associated With a Single Individual.
- Enforce Minimal Levels of User Rights Through PoLP.
- Stay Attentive to SSH Key Rotation.
- Eliminate Hardcoded SSH Keys.
- Audit All Privileged Session Activity.