This brief tutorial is going to show you how to log on to a SSH server without passwords using only SSH encryption keys. The reason you may want to do this is to enable more secured form of authenticating to your SSH enabled servers.
Using password authentication against SSH isn’t bad as long as the password is highly complicated and long beyond normal password strengths. But creating long and complicated passwords may also encourage you to write it down on a piece of paper or stored somewhere in an unsecured manner.
That’s why using encryption keys to authenticate SSH connection is a more secured alternative.
Passwords also stand the risk of being guessed or cracked. SSH authentication on the other hand makes it virtually impossible for anyone to brute force their way into your servers. So, if you need a more secured way to sign on to your SSH server, implement password-less authentication and enable SSH key exchange.
This simple tutorial is going to show you how to do it in CentOS.
The first thing is to verify if SSH is installed. If it’s not installed run the commands below to install SSH in CentOS.
yum -y install openssh-server
- Create the client private/public key pair
When you run the command to generate a public/private key pair, it creates two sets of encryption keys on the client computer. One is a private key and the other is its public key.
The private key always stays with the client. The public key is shared or copied to computers the client wishes to trust. Only by pairing the correct private and public keys of the client requesting access will authentication be allowed on the server.
If the server which has the client’s public key isn’t able to match or pair the correct private key submitted by the client with its public key stored on the server, the connection will be rejected.
So, lets create the client private/public key. To do that, run the commands below on the client computer.
ssh-keygen -t rsa
After running the above commands, you’ll be prompted to complete a series of tasks. The first will be where to save the keys, press Enter to choose the default location which is in a hidden .ssh folder of your home directory (/root/.ssh/).
The next prompt will be to Enter a passphrase. I personally leave this blank (just press enter) to continue. It will then create the key pair and you’re done.
After generating the keys, you will then to copy the client’s public key to the SSH server computer or host it wants to create trust relationship with.
- Copy the client public key to the SSH computer
After generating the key pair, you must copy the client computer public key to the SSH server host. The public key should be stored in the ~/.ssh/authorized_keys file on the server.
This file contains public keys of all clients that have sent or copied their keys to the server. The server uses to this file to match the public and private key pair.
To copy the client public to the server, run the commands below.
cat ~/.ssh/id_rsa.pub | ssh root@Server_IP_Address "cat >> ~/.ssh/authorized_keys"
Alternatively, you may run the below commands to copy the key from the client to the server.
ssh-copy-id user@server_ip_address or hostname
- Edit SSH file configuration to only allow key log on
Finally, go and edit SSH configuration file to only allow SSH key login and disable password login. It’s also known as password-less logon.
To do that, open the file using the commands below.
vi /etc/ssh/sshd_config
Then uncomment and change the lines to match the ones below. Make sure these lines are un-commented, meaning they don’t have the (#) before it.
PubkeyAuthentication yes
AuthorizedKeyFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
Save the file and reload SSH server by running the commands below.
service sshd reload
Now try accessing the SSH server and it shouldn’t prompt you to enter your password..
Enjoy!
Frequently Asked Questions
How to enable SSH key logon in CentOS for more secure authentication?
To enable SSH key logon in CentOS, you need to generate a public/private key pair on the client computer and copy the public key to the server. This allows for password-less authentication and enhances security.
What is the advantage of using SSH encryption keys for authentication?
Using SSH encryption keys for authentication provides a more secure alternative to password authentication. It reduces the risk of passwords being guessed or cracked and makes it virtually impossible for unauthorized access through brute force attacks.
How can I disable password logon and implement password-less authentication in CentOS SSH server?
To disable password logon and implement password-less authentication in CentOS SSH server, you need to generate SSH encryption keys, copy the public key to the server, and configure SSH to only allow key-based logins.
Why is it recommended to use encryption keys for SSH authentication instead of passwords?
It is recommended to use encryption keys for SSH authentication instead of passwords because keys provide a higher level of security. Passwords can be vulnerable to being guessed, cracked, or intercepted, while encryption keys offer a more secure and reliable authentication method.
What is the process of creating a client private/public key pair for SSH authentication?
Creating a client private/public key pair involves generating the keys on the client computer, keeping the private key secure, and sharing the public key with servers that the client wants to access. This ensures secure authentication without the need for passwords.
How does SSH key exchange enhance the security of SSH server logon?
SSH key exchange enhances the security of SSH server logon by enabling password-less authentication. It ensures that only authorized users with the correct key pairs can access the server, reducing the risk of unauthorized access and enhancing overall security.
What are the risks associated with using password authentication for SSH servers?
Using password authentication for SSH servers poses risks such as passwords being vulnerable to being guessed, cracked, or intercepted. It may also lead to users creating weak passwords or storing them in unsecured ways, compromising server security.
How can I verify if SSH is installed and install it in CentOS?
To verify if SSH is installed in CentOS, you can run the command 'yum -y install openssh-server'. If SSH is not installed, this command will install it on your CentOS system, allowing you to proceed with setting up SSH key logon.