This article covers how to create a new SSH key pair and set up an SSH key-based authentication. You can set up same key to multiple remote hosts on CentOS system. Also, you will learn how to disable SSH password authentication.

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a CentOS server, chances are, you will spend most of your time in a terminal session connected to your server through SSH.

SSH keys are typically configured in an authorized_keys file in . ssh subdirectory in the user's home directory. Typically a system administrator would first create a key using ssh-keygen and then install it as an authorized key on a server using the ssh-copy-id tool.

The public key should be stored in the ~/. ssh/authorized_keys file on the server.

To Create the RSA Key Pair:

1. Execute the command below to create a key pair on the client machine (usually your computer):

$ ssh-keygen

2. Press ENTER to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.

Best Practices to improve SSH Key Security:

  • Discover all SSH Keys and Bring Under Active Management.
  • Ensure SSH Keys Are Associated With a Single Individual.
  • Enforce Minimal Levels of User Rights Through PoLP.
  • Stay Attentive to SSH Key Rotation.
  • Eliminate Hardcoded SSH Keys.
  • Audit All Privileged Session Activity.

This article covers how to setup an SSH key-based authentication as well how to connect to your Linux server without entering a password.
To set up a passwordless SSH login in Linux all you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file.

To Disable SSH Password Authentication
To add an extra layer of security to your server you can disable the password authentication for SSH.
Before disabling the SSH password authentication make sure you can log in to your server without a password and the user you are logging in with has sudo privileges.
The following steps describe how to configure sudo access:
1. Log into your remote server with SSH keys, either as a user with sudo privileges or root:

# ssh sudo_user@server_ip_address

2. Open the SSH configuration file /etc/ssh/sshd_config, search for the following directives and modify as it follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

3. Once you are done save the file and restart the SSH service.
On Ubuntu or Debian servers, run the following command:

# sudo systemctl restart ssh

On CentOS or Fedora servers, run the following command:

# sudo systemctl restart sshd

More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com