How do you configure SSH key-based authentication in CentOS?
Learn how to configure SSH key-based authentication in CentOS to improve security and simplify remote access. Step-by-step guide included.
Configuring SSH key-based authentication in CentOS involves generating an SSH key pair, copying the public key to the server, and configuring the SSH daemon to accept key-based authentication. Here’s a step-by-step guide:
### Step 1: Generate an SSH Key Pair
1. On your local machine, open a terminal.
2. Generate an SSH key pair using the `ssh-keygen` command:
```
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```
- `-t rsa`: Specifies the type of key to create, in this case, RSA.
- `-b 4096`: Specifies the key length in bits. A 4096-bit RSA key is stronger than the default RSA key size.
- `-C "your_email@example.com"`: Adds a comment to the key, usually an email address.
3. When prompted to enter a file to save the key, press `Enter` to accept the default location (`~/.ssh/id_rsa`).
4. Enter a passphrase for added security (optional but recommended).
### Step 2: Copy the Public Key to the Server
1. Use the `ssh-copy-id` command to copy the public key to your CentOS server:
```
ssh-copy-id your_username@your_server_ip
```
Replace `your_username` with your SSH username and `your_server_ip` with your server's IP address.
2. Enter your password when prompted. This command appends your public key to the `~/.ssh/authorized_keys` file on the server.
If `ssh-copy-id` is not available, you can manually copy the public key:
1. Print the public key to the terminal:
```
cat ~/.ssh/id_rsa.pub
```
2. Copy the output of the above command.
3. Connect to your CentOS server:
```
ssh your_username@your_server_ip
```
4. Create the `.ssh` directory and the `authorized_keys` file if they do not exist:
```
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
```
5. Open the `authorized_keys` file with a text editor:
```
nano ~/.ssh/authorized_keys
```
6. Paste the public key into the file, save, and exit.
### Step 3: Configure the SSH Daemon to Accept Key-Based Authentication
1. Edit the SSH daemon configuration file on your server:
```
sudo nano /etc/ssh/sshd_config
```
2. Ensure the following settings are configured (uncomment or modify as needed):
```
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
```
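3. Optional: Disable password authentication to enhance security. Do this only after you have confirmed that key-based login works (Step 4), and keep your current session open while you test, so that a mistake does not lock you out: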
```
PasswordAuthentication no
```
4. Save and exit the file.
5. Restart the SSH service to apply the changes:
```
sudo systemctl restart sshd
```
### Step 4: Test SSH Key-Based Authentication
1. On your local machine, connect to your CentOS server using SSH:
```
ssh your_username@your_server_ip
```
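2. If everything is configured correctly, you should be able to log in without being prompted for your account password. If you set a passphrase on the key in Step 1, you will be asked for that passphrase instead.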
### Step 5: (Optional) Additional Security Measures
1. **Disable Root Login**: To prevent direct root access over SSH, edit the SSH daemon configuration file:
```
sudo nano /etc/ssh/sshd_config
```
Set the following:
```
PermitRootLogin no
```
2. **Limit SSH Access**: Allow only specific users to access the server via SSH by adding this line to the same configuration file, then restart the SSH service as in Step 3:
```
AllowUsers your_username
```
3. **Update Firewall Rules**: Ensure your firewall allows SSH traffic on the default or configured SSH port:
```
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
```
If you changed the SSH port, allow the new port instead (2222 is used here as an example):
```
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
```
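Added example (not part of the original guide): a small shell audit that reads an sshd_config-format file and checks the values this guide sets in Steps 3 and 5. It applies sshd's rule that the first value read for a keyword wins; the function names and the sample file are constructed for illustration, and `Include` files and `Match` blocks are not evaluated.

```shell
#!/usr/bin/env bash
# Audit an sshd_config-format file against the settings used in this guide.
# sshd keeps the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# effective FILE KEYWORD -> first global value of KEYWORD (lowercased), or empty
effective() {
  awk -v key="$2" '
    { sub(/^[ \t]+/, "") }                  # strip leading whitespace
    /^(#|$)/ { next }                       # skip comments and blank lines
    { split($0, f, /[ \t=]+/); k = tolower(f[1]) }  # "Key value" or "Key=value"
    k == "match" { exit }                   # conditional section: stop here
    k == key { print tolower(f[2]); exit }  # first occurrence wins
  ' "$1"
}

# audit_sshd FILE -> prints one line per setting, returns the number of mismatches
audit_sshd() {
  local file=$1 fails=0 want key got
  for want in pubkeyauthentication=yes passwordauthentication=no permitrootlogin=no; do
    key=${want%%=*}
    got=$(effective "$file" "$key")
    if [ "$got" = "${want#*=}" ]; then
      echo "ok    $key $got"
    else
      echo "FAIL  $key is '${got:-unset}', guide expects '${want#*=}'"
      fails=$((fails + 1))
    fi
  done
  return "$fails"
}

# Constructed sample: password logins stay enabled because the "yes" comes first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PubkeyAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication yes
PermitRootLogin=no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "$? setting(s) differ from the guide"
```

On a real server, `sudo sshd -T` prints the effective configuration as the daemon itself resolves it, which is the authoritative check.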
Following these steps will set up SSH key-based authentication on your CentOS server, enhancing security by eliminating the need for password-based logins.