Installation of SSH Keys on Linux - A Step-By-Step Guide

Outlined below is a step-by-step guide detailing the process of installing SSH keys on a Linux server:

Step One: Creation of the RSA Key Pair. The first step in the installation process is to create the key pair on the client machine, which is usually your own system.

An SSH key pair can be generated by running the ssh-keygen command, which defaults to 3072-bit RSA (and SHA256). The ssh-keygen(1) man page says this is 'generally considered sufficient', and it should be compatible with virtually all clients and servers.

The file anything.pub is the public key, which you could append to the user's ~/.ssh/authorized_keys on any destination server. The other file, just called anything, is the private key and therefore should be stored safely for the user. The default location would be ~username/.ssh/id_rsa (here named id_rsa, which is the default for RSA keys).

I want to add a user to Red Hat Linux that will not use a password for logging in, but instead use a public key for ssh. This would be on the command line.

How to Generate A Public/Private SSH Key Linux. By Damien – Posted on Nov 10, 2011 Nov 18, 2011 in Linux.

If you are using SSH frequently to connect to a remote host, one of the ways to secure the connection is to use a public/private SSH key, so that no password is transmitted over the network and it can protect against brute-force attacks.
I am a new RHEL 8 server sysadmin. How do I configure SSH public key-based authentication for RHEL (Red Hat Enterprise Linux) 8 server?
Where,
The procedure to set up an SSH key on a Red Hat Enterprise Linux 8 server:
Let us see all commands and steps in detail.
The syntax is:
ssh-keygen -t ed25519
ssh-keygen -t rsa
ssh-keygen -t rsa -b 4096 -f ~/.ssh/aws-lighsail.key -C 'My AWS SSH Keys'
ssh-keygen -t ed25519 -f ~/.ssh/linode-usa-www1-vps.key -C 'My Linode SSH Keys for www'
Where,
I am going to type the following command on my Ubuntu desktop to create the key pair:
$ ssh-keygen -t ed25519
I strongly recommend that you set up a passphrase when prompted.
Now our key pair is generated and stored in the ~/.ssh/ directory. You must copy the public SSH key file named ~/.ssh/id_ed25519.pub (or ~/.ssh/id_rsa.pub if you created an RSA key) to the RHEL 8 server. Try the ssh-copy-id command as follows:
$ ssh-copy-id -i ~/.ssh/fileNameHere.pub user@remote-RHEL8-server-ip
For example:
$ ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]
Now try logging into the machine with the ssh command as follows:
$ ssh user@rhel-8-server
$ ssh [email protected]
You should be able to log in without a password. If you set up a passphrase, unlock it as follows for your current session so that you don’t have to enter it every time you run ssh, sftp, scp, rsync and other commands:
$ ssh-agent $SHELL
$ ssh-add
Disable root user login altogether on RHEL 8 via ssh. Log in as the root user on RHEL 8 and run the following to add a user named vivek to the wheel group:
# usermod -aG wheel vivek
# id vivek
Users in the wheel group can use the sudo command to run all commands on the RHEL 8 server. Next, disable root user login by adding the following line to sshd_config:
# vi /etc/ssh/sshd_config
Disable password-based login for root and allow only ssh key-based login:
Save and close the file. Reload the ssh server:
# systemctl reload sshd.service
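A check for the sshd_config changes described above, as an added example that is not part of the original article. It assumes the directives involved are the standard sshd_config keywords PermitRootLogin and PasswordAuthentication (the page does not show them); the function names effective_value and audit_sshd are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for root login and password login.
# Assumes the directives are PermitRootLogin and PasswordAuthentication.

# effective_value FILE KEYWORD DEFAULT
# Print the global value sshd would use. sshd keeps the FIRST occurrence of a
# keyword, keywords are case-insensitive, and lines after the first "Match"
# apply only to matching connections, so scanning stops there.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match" { exit }     # end of global section
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }       # keyword absent: built-in default
    ' "$1"
}

# audit_sshd FILE: return 0 only if both logins are disabled globally.
audit_sshd() {
    rc=0
    # Defaults below are upstream OpenSSH defaults, used when a keyword is unset.
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin is '$root'"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication is '$pass'"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK root and password logins are disabled"; fi
    return "$rc"
}

# Constructed sample files, not taken from a real server.
demo=$(mktemp -d)
# 1. New line appended below an existing "yes": the earlier line still wins.
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'PermitRootLogin no' > "$demo/appended"
# 2. Setting placed inside a Match block: the global default stays "yes".
printf '%s\n' 'PermitRootLogin no' 'Match User vivek' \
    '    PasswordAuthentication no' > "$demo/in_match"
# 3. Both directives set once, before any Match block.
printf '%s\n' '# hardened' 'permitrootlogin no' \
    'PasswordAuthentication no' > "$demo/hardened"

for f in appended in_match hardened; do
    echo "== $f"
    audit_sshd "$demo/$f" || true
done
rm -rf "$demo"
```

On a live server, running sshd -T as root prints the configuration sshd actually parsed and is the authoritative check; this script only reads the global section of a single file.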
For more info see “Top 20 OpenSSH Server Best Security Practices”.
You learned how to set up and use SSH keys to manage your RHEL 8 based server. For more info see OpenSSH man pages here.