SlideShare a Scribd company logo

How To Setup SSH Keys on CentOS 7

VCP Muthukrishna
VCP Muthukrishna

How To Setup SSH Keys on CentOS 7

Technology
1 of 7
Download to read offline
How To Setup SSH Keys on CentOS 7 i | P a g e Table of Contents Overview.......................................................................................................................................................1 What is SSH Keys...........................................................................................................................................1 SSH Keys – Private Key..............................................................................................................................1 SSH Keys – Public Key................................................................................................................................1 SSH Keys – Algorithm................................................................................................................................1 SSH Keys – Key Size...................................................................................................................................2 SSH Keys – Files and Locations......................................................................................................................2 SSH Keys – Permissions - Set.........................................................................................................................3 SSH Keys – Permissions - Validation .............................................................................................................3 SSH Keys - Generation...................................................................................................................................4 Generate SSH Key – RSA ...........................................................................................................................4 Generate SSH Key – Private Key File.........................................................................................................4 Generate SSH Key – Passphrase................................................................................................................4 Generate SSH Key – Files ..........................................................................................................................5 Generate SSH Key – Copy ID .....................................................................................................................5 SSH Key – SSH Login......................................................................................................................................6
How To Setup SSH Keys on CentOS 7 1 | P a g e Overview In this guide we will walk through steps of generating and connecting to the host without password with ssh-keygen utility, this utility will create key pairs for automated authentication. What is SSH Keys SSH Keys uses public key cryptography for authenticating hosts and users. This key is much more secured than older version of utilizing “.rhosts” file authenticating method. In this method password is not stored in a file and in turn eliminates the possibility of password being compromised. SSH Keys – Private Key A private key that remains (only) with the user. It is imperative that key is in the possession of the specific user. A user has private key that corresponds to the public key of the server will be able to authenticate successfully. Ideally private keys have to be stored in a safe location, it should not be tampered, copied or shared with others. Private keys used for user authentication are called “Identity Keys”. SSH Keys – Public Key A public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data which can then only be read by the person who holds the corresponding private key. Once an SSH server receives a public key from a user and considers the key as trustworthy, then the server marks the key as authorized and subsequently its stored in “authorized_keys” file. Such keys are called “Authorized Keys”. SSH Keys – Algorithm Each key has to be generated with specific type of algorithm, different algorithm provide different level of security the below table will give insight into each algorithm its purpose is described. Algorithm Description rsa It’s an old algorithm based on the difficulty of factoring large numbers. A key size with at least 2048 bits is recommended for RSA; 4096 bits is much better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm is recommended. In the near future RSA algorithm might be practically breakable. All SSH clients support this algorithm.
How To Setup SSH Keys on CentOS 7 2 | P a g e dsa It’s an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete algorithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended. ecdsa It’s a new Digital Signature Algorithm standardized by the US government, using elliptic curves. It’s probably a good algorithm for current applications. Only three key sizes are currently supported viz., 256, 384, and 521 bits. It’s recommend to utilize 521 bits, since the keys are still small and probably more secure than the smaller keys. Bigger the bits size safer the key. Most SSH clients now support this algorithm. ed25519 It’s a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Its implementation in general purpose applications is not recommended for now; though it could leak if public key is incorrect. SSH Keys – Key Size By default SSH key size that gets generated is with “2048” bits, to customize bit key size set the bit key size parameter “-b” while generating the ssh key. SSH Keys – Files and Locations Each key file has important role to play, to understand each one of the file(s) and their importance, listed below are the file(s) and their location / along with their purpose is described. Location & File Purpose / Description $HOME/.ssh/identity This file contains the RSA private key when using the SSH protocol version 1. $HOME/.ssh/identity.pub This file contains the RSA public key for authentication when you are using the SSH protocol version 1. User has to copy contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to login. $HOME/.ssh/id_dsa This file contains the protocol version 2 DSA authentication identity of the user. $HOME/.ssh/id_dsa.pub This file contains the DSA public key for authentication when you are using the SSH protocol version 2.
How To Setup SSH Keys on CentOS 7 3 | P a g e User has to copy contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to login. $HOME/.ssh/id_rsa This file contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user. $HOME/.ssh/id_rsa.pub This file contains the protocol version 2 RSA public key for authentication. User has to copy contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to login. SSH Keys – Permissions - Set Each location / file has to be set to appropriate permission, location / purpose is described in below table. Location / File Set Permission - Command Purpose / Description User Home Folder chmod go-w /home/$USER chmod g-w,o-w ~ User’s home directory on the server should NOT be writable by others .ssh Folder chmod 700 /home/$USER/.ssh SSH folder on the server needs 700 authorized_keys chmod 644 /home/$USER/.ssh/authorized_keys authorized_keys has to be set to 644 authorized_keys* chmod 600 /home/$USER/.ssh/authorized_keys authorized_keys has to be set to 600; root user will also not have access, better security. .ssh Folder chown user:user /home/$USER/.ssh user owns the files/folders and not root authorized_keys chown user:user authorized_keys user owns the files/folders and not root SSH Keys – Permissions - Validation In order to validate permission set on each folder / file, execute command as per the below table. Location / File Set Permission – Command Long List – Command Permission – View Home Directory chmod 755 ~ ls -l ~ 755 or (drwxr-xr-x) .ssh (folder) chmod 700 ~/.ssh ls -l ~/.ssh 700 or (drwx------) .pub (public key file) chmod 644 ~/.ssh/*.pub ls -l ~/.ssh/*.pub 644 or (-rw-r--r--)
How To Setup SSH Keys on CentOS 7 4 | P a g e id_rsa (private Key file) chmod 600 ~/.ssh/*.id_rsa ls -l ~/.ssh/*.id_rsa 600 or (-rw-------) SSH Keys - Generation Before you login to the server without password, you need to generate ssh keys and copy generated key on to the server and you can subsequently login. Generate SSH Key – RSA Generating key is first and foremost task that we have to perform in order setup SSH Key, default Algorithm is “RSA” and key size is “2048”, to generate a new ssh key, run the command; ssh-keygen -t rsa -b 4096 Generate SSH Key – Private Key File By default ssh key file is created as “id_rsa”, optionally you can set the name of the file. Generate SSH Key – Passphrase Optionally, you can set “passphrase” or key password for the ssh key, this passphrase will be keyed-in upon logging on to the server.
How To Setup SSH Keys on CentOS 7 5 | P a g e Generate SSH Key – Files User’s private and public key generated files will be default stored in “$HOME/.ssh/” folder, wherein “id_rsa” is a private key file and “id_rsa.pub” is a public key file. In this step key’s “fingerprint” is defined along with algorithm type and key bits will will also be displayed. Generate SSH Key – Copy ID Once the ssh key is generated, next step is to copy the ssh key; to copy run the command; ssh-copy-id mvcp@salt
How To Setup SSH Keys on CentOS 7 6 | P a g e SSH Key – SSH Login After copying the ssh key; you can connect to the server without password, ssh key copied with command ssh-copy-id will be verified and validated and user will be logged into the server automatically, to connect run the command; ssh mvcp@salt

Recommended

How To Connect to Active Directory User Validation
How To Connect to Active Directory User ValidationHow To Connect to Active Directory User Validation
How To Connect to Active Directory User Validation
VCP Muthukrishna
 
How To List Files and Display In HTML Format
How To List Files and Display In HTML FormatHow To List Files and Display In HTML Format
How To List Files and Display In HTML Format
VCP Muthukrishna
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShell
VCP Muthukrishna
 
How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
VCP Muthukrishna
 
How To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShellHow To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShell
VCP Muthukrishna
 
Windows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loopWindows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loop
VCP Muthukrishna
 
Windows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive InfoWindows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive Info
VCP Muthukrishna
 
How To Install and Configure Log Rotation on RHEL 7 or CentOS 7
How To Install and Configure Log Rotation on RHEL 7 or CentOS 7How To Install and Configure Log Rotation on RHEL 7 or CentOS 7
How To Install and Configure Log Rotation on RHEL 7 or CentOS 7
VCP Muthukrishna
 

Recommended

How To Connect to Active Directory User Validation
How To Connect to Active Directory User ValidationHow To Connect to Active Directory User Validation
How To Connect to Active Directory User Validation
VCP Muthukrishna
 
How To List Files and Display In HTML Format
How To List Files and Display In HTML FormatHow To List Files and Display In HTML Format
How To List Files and Display In HTML Format
VCP Muthukrishna
 
How To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShellHow To Connect To Active Directory PowerShell
How To Connect To Active Directory PowerShell
VCP Muthukrishna
 
How To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShellHow To Check and Delete a File via PowerShell
How To Check and Delete a File via PowerShell
VCP Muthukrishna
 
How To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShellHow To List Files on Remote Server - PowerShell
How To List Files on Remote Server - PowerShell
VCP Muthukrishna
 
Windows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loopWindows PowerShell Basics – How To Create powershell for loop
Windows PowerShell Basics – How To Create powershell for loop
VCP Muthukrishna
 
Windows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive InfoWindows PowerShell Basics - How To List PSDrive Info
Windows PowerShell Basics - How To List PSDrive Info
VCP Muthukrishna
 
How To Install and Configure Log Rotation on RHEL 7 or CentOS 7
How To Install and Configure Log Rotation on RHEL 7 or CentOS 7How To Install and Configure Log Rotation on RHEL 7 or CentOS 7
How To Install and Configure Log Rotation on RHEL 7 or CentOS 7
VCP Muthukrishna
 
Install and Configure RSyslog – CentOS 7 / RHEL 7
Install and Configure RSyslog – CentOS 7 / RHEL 7Install and Configure RSyslog – CentOS 7 / RHEL 7
Install and Configure RSyslog – CentOS 7 / RHEL 7
VCP Muthukrishna
 
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
VCP Muthukrishna
 
How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7
VCP Muthukrishna
 
Shell Script Disk Usage Report and E-Mail Current Threshold Status
Shell Script Disk Usage Report and E-Mail Current Threshold StatusShell Script Disk Usage Report and E-Mail Current Threshold Status
Shell Script Disk Usage Report and E-Mail Current Threshold Status
VCP Muthukrishna
 
How To Configure Apache VirtualHost on RHEL 7 on AWS
How To Configure Apache VirtualHost on RHEL 7 on AWSHow To Configure Apache VirtualHost on RHEL 7 on AWS
How To Configure Apache VirtualHost on RHEL 7 on AWS
VCP Muthukrishna
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7
VCP Muthukrishna
 
How To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShellHow To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShell
VCP Muthukrishna
 
How To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on UbuntuHow To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on Ubuntu
VCP Muthukrishna
 
How To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsHow To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for Windows
VCP Muthukrishna
 
How To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShellHow To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShell
VCP Muthukrishna
 
How To Manage Linux User on RHEL 7
How To Manage Linux User on RHEL 7How To Manage Linux User on RHEL 7
How To Manage Linux User on RHEL 7
VCP Muthukrishna
 
How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7
VCP Muthukrishna
 
How To Install OpenFire in CentOS 7
How To Install OpenFire in CentOS 7How To Install OpenFire in CentOS 7
How To Install OpenFire in CentOS 7
VCP Muthukrishna
 
How To Configure FirewallD on RHEL 7 or CentOS 7
How To Configure FirewallD on RHEL 7 or CentOS 7How To Configure FirewallD on RHEL 7 or CentOS 7
How To Configure FirewallD on RHEL 7 or CentOS 7
VCP Muthukrishna
 
How to Install and Configure Cacti on Linux
How to Install and Configure Cacti on LinuxHow to Install and Configure Cacti on Linux
How to Install and Configure Cacti on Linux
VCP Muthukrishna
 
How To Check file exists and Delete PowerShell
How To Check file exists and Delete PowerShellHow To Check file exists and Delete PowerShell
How To Check file exists and Delete PowerShell
VCP Muthukrishna
 
How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7
VCP Muthukrishna
 
How To Create PowerShell Function
How To Create PowerShell FunctionHow To Create PowerShell Function
How To Create PowerShell Function
VCP Muthukrishna
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
BrentMatlock
 
Rhel5
Rhel5Rhel5
Rhel5
Yash Gulati
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
Chris Hales
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 

More Related Content

What's hot

What's hot (20)

Install and Configure RSyslog – CentOS 7 / RHEL 7
Install and Configure RSyslog – CentOS 7 / RHEL 7Install and Configure RSyslog – CentOS 7 / RHEL 7
Install and Configure RSyslog – CentOS 7 / RHEL 7
 
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
Zimbra Troubleshooting - Mails not being Delivered or Deferred or Connection ...
 
How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7How To Install and Configure Apache SSL on CentOS 7
How To Install and Configure Apache SSL on CentOS 7
 
Shell Script Disk Usage Report and E-Mail Current Threshold Status
Shell Script Disk Usage Report and E-Mail Current Threshold StatusShell Script Disk Usage Report and E-Mail Current Threshold Status
Shell Script Disk Usage Report and E-Mail Current Threshold Status
 
How To Configure Apache VirtualHost on RHEL 7 on AWS
How To Configure Apache VirtualHost on RHEL 7 on AWSHow To Configure Apache VirtualHost on RHEL 7 on AWS
How To Configure Apache VirtualHost on RHEL 7 on AWS
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7
 
How To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShellHow To Check IE Enhanced Security Is Enabled Windows PowerShell
How To Check IE Enhanced Security Is Enabled Windows PowerShell
 
How To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on UbuntuHow To Install and Configure Open SSH Server on Ubuntu
How To Install and Configure Open SSH Server on Ubuntu
 
How To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for WindowsHow To Install and Configure AWS CLI for Windows
How To Install and Configure AWS CLI for Windows
 
How To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShellHow To Disable IE Enhanced Security Windows PowerShell
How To Disable IE Enhanced Security Windows PowerShell
 
How To Manage Linux User on RHEL 7
How To Manage Linux User on RHEL 7How To Manage Linux User on RHEL 7
How To Manage Linux User on RHEL 7
 
How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7How To List Nginx Modules Installed / Complied on CentOS 7
How To List Nginx Modules Installed / Complied on CentOS 7
 
How To Install OpenFire in CentOS 7
How To Install OpenFire in CentOS 7How To Install OpenFire in CentOS 7
How To Install OpenFire in CentOS 7
 
How To Configure FirewallD on RHEL 7 or CentOS 7
How To Configure FirewallD on RHEL 7 or CentOS 7How To Configure FirewallD on RHEL 7 or CentOS 7
How To Configure FirewallD on RHEL 7 or CentOS 7
 
How to Install and Configure Cacti on Linux
How to Install and Configure Cacti on LinuxHow to Install and Configure Cacti on Linux
How to Install and Configure Cacti on Linux
 
How To Check file exists and Delete PowerShell
How To Check file exists and Delete PowerShellHow To Check file exists and Delete PowerShell
How To Check file exists and Delete PowerShell
 
How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7How To Install and Configure GNome on CentOS 7
How To Install and Configure GNome on CentOS 7
 
How To Create PowerShell Function
How To Create PowerShell FunctionHow To Create PowerShell Function
How To Create PowerShell Function
 
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpracticesConf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
Conf2015 d waddle_defense_pointsecurity_deploying_splunksslbestpractices
 
Rhel5
Rhel5Rhel5
Rhel5
 

Similar to How To Setup SSH Keys on CentOS 7

Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
Hemant Shah
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
fangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
fangjiafu
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
E D Williams
 

Similar to How To Setup SSH Keys on CentOS 7 (20)

SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
0696-ssh-the-secure-shell.pdf
0696-ssh-the-secure-shell.pdf0696-ssh-the-secure-shell.pdf
0696-ssh-the-secure-shell.pdf
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
Cent os 5 ssh
Cent os 5 sshCent os 5 ssh
Cent os 5 ssh
 
How to set up ssh keys on ubuntu
How to set up ssh keys on ubuntuHow to set up ssh keys on ubuntu
How to set up ssh keys on ubuntu
 
Hadoop 2.0 cluster setup on ubuntu 14.04 (64 bit)
Hadoop 2.0 cluster setup on ubuntu 14.04 (64 bit)Hadoop 2.0 cluster setup on ubuntu 14.04 (64 bit)
Hadoop 2.0 cluster setup on ubuntu 14.04 (64 bit)
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Configure ssh cell
Configure ssh cellConfigure ssh cell
Configure ssh cell
 
Ssh between ansible control node with that of target
Ssh between ansible control node with that of targetSsh between ansible control node with that of target
Ssh between ansible control node with that of target
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
Ssh
SshSsh
Ssh
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 

More from VCP Muthukrishna

More from VCP Muthukrishna (15)

How to Fix Duplicate Packages in YUM on CentOS 7
How to Fix Duplicate Packages in YUM on CentOS 7How to Fix Duplicate Packages in YUM on CentOS 7
How to Fix Duplicate Packages in YUM on CentOS 7
 
How To Construct IF and Else Conditional Statements
How To Construct IF and Else Conditional StatementsHow To Construct IF and Else Conditional Statements
How To Construct IF and Else Conditional Statements
 
How To Create PowerShell Function Mandatory Parameter and Optional Parameter
How To Create PowerShell Function Mandatory Parameter and Optional ParameterHow To Create PowerShell Function Mandatory Parameter and Optional Parameter
How To Create PowerShell Function Mandatory Parameter and Optional Parameter
 
How To Create Power Shell Function Mandatory Parameter Value
How To Create Power Shell Function Mandatory Parameter ValueHow To Create Power Shell Function Mandatory Parameter Value
How To Create Power Shell Function Mandatory Parameter Value
 
How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7How To Configure Nginx Load Balancer on CentOS 7
How To Configure Nginx Load Balancer on CentOS 7
 
Nginx bind() to 0.0.0.0:9080 failed
Nginx bind() to 0.0.0.0:9080 failedNginx bind() to 0.0.0.0:9080 failed
Nginx bind() to 0.0.0.0:9080 failed
 
How To Install and Configure Screen on CentOS 7
How To Install and Configure Screen on CentOS 7How To Install and Configure Screen on CentOS 7
How To Install and Configure Screen on CentOS 7
 
How To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on UbuntuHow To Install and Configure Salt Master on Ubuntu
How To Install and Configure Salt Master on Ubuntu
 
How To Protect SSH Access with Fail2Ban on RHEL 7
How To Protect SSH Access with Fail2Ban on RHEL 7How To Protect SSH Access with Fail2Ban on RHEL 7
How To Protect SSH Access with Fail2Ban on RHEL 7
 
How To Configure SNMP Logging on RHEL 7
How To Configure SNMP Logging on RHEL 7How To Configure SNMP Logging on RHEL 7
How To Configure SNMP Logging on RHEL 7
 
How To Find Package Installation Date on RHEL 7
How To Find Package Installation Date on RHEL 7How To Find Package Installation Date on RHEL 7
How To Find Package Installation Date on RHEL 7
 
How to Upgrade Openfire on CentOS 7
How to Upgrade Openfire on CentOS 7How to Upgrade Openfire on CentOS 7
How to Upgrade Openfire on CentOS 7
 
How To Reset root Password on CentOS 7
How To Reset root Password on CentOS 7How To Reset root Password on CentOS 7
How To Reset root Password on CentOS 7
 
How To View Current Execution Policy PowerShell
How To View Current Execution Policy PowerShellHow To View Current Execution Policy PowerShell
How To View Current Execution Policy PowerShell
 
How To Install and Use ABRT CLI on RHEL 7
How To Install and Use ABRT CLI on RHEL 7How To Install and Use ABRT CLI on RHEL 7
How To Install and Use ABRT CLI on RHEL 7
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 

Recently uploaded (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

How To Setup SSH Keys on CentOS 7

  • 1. How To Setup SSH Keys on CentOS 7 i | P a g e Table of Contents Overview.......................................................................................................................................................1 What is SSH Keys...........................................................................................................................................1 SSH Keys – Private Key..............................................................................................................................1 SSH Keys – Public Key................................................................................................................................1 SSH Keys – Algorithm................................................................................................................................1 SSH Keys – Key Size...................................................................................................................................2 SSH Keys – Files and Locations......................................................................................................................2 SSH Keys – Permissions - Set.........................................................................................................................3 SSH Keys – Permissions - Validation .............................................................................................................3 SSH Keys - Generation...................................................................................................................................4 Generate SSH Key – RSA ...........................................................................................................................4 Generate SSH Key – Private Key File.........................................................................................................4 Generate SSH Key – Passphrase................................................................................................................4 Generate SSH Key – Files ..........................................................................................................................5 Generate SSH Key – Copy ID .....................................................................................................................5 SSH Key – SSH Login......................................................................................................................................6
  • 2. How To Setup SSH Keys on CentOS 7 1 | P a g e Overview In this guide we will walk through steps of generating and connecting to the host without password with ssh-keygen utility, this utility will create key pairs for automated authentication. What is SSH Keys SSH Keys uses public key cryptography for authenticating hosts and users. This key is much more secured than older version of utilizing “.rhosts” file authenticating method. In this method password is not stored in a file and in turn eliminates the possibility of password being compromised. SSH Keys – Private Key A private key that remains (only) with the user. It is imperative that key is in the possession of the specific user. A user has private key that corresponds to the public key of the server will be able to authenticate successfully. Ideally private keys have to be stored in a safe location, it should not be tampered, copied or shared with others. Private keys used for user authentication are called “Identity Keys”. SSH Keys – Public Key A public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data which can then only be read by the person who holds the corresponding private key. Once an SSH server receives a public key from a user and considers the key as trustworthy, then the server marks the key as authorized and subsequently its stored in “authorized_keys” file. Such keys are called “Authorized Keys”. SSH Keys – Algorithm Each key has to be generated with specific type of algorithm, different algorithm provide different level of security the below table will give insight into each algorithm its purpose is described. Algorithm Description rsa It’s an old algorithm based on the difficulty of factoring large numbers. A key size with at least 2048 bits is recommended for RSA; 4096 bits is much better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm is recommended. In the near future RSA algorithm might be practically breakable. All SSH clients support this algorithm.
  • 3. How To Setup SSH Keys on CentOS 7 2 | P a g e dsa It’s an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete algorithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended. ecdsa It’s a new Digital Signature Algorithm standardized by the US government, using elliptic curves. It’s probably a good algorithm for current applications. Only three key sizes are currently supported viz., 256, 384, and 521 bits. It’s recommend to utilize 521 bits, since the keys are still small and probably more secure than the smaller keys. Bigger the bits size safer the key. Most SSH clients now support this algorithm. ed25519 It’s a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Its implementation in general purpose applications is not recommended for now; though it could leak if public key is incorrect. SSH Keys – Key Size By default SSH key size that gets generated is with “2048” bits, to customize bit key size set the bit key size parameter “-b” while generating the ssh key. SSH Keys – Files and Locations Each key file has important role to play, to understand each one of the file(s) and their importance, listed below are the file(s) and their location / along with their purpose is described. Location & File Purpose / Description $HOME/.ssh/identity This file contains the RSA private key when using the SSH protocol version 1. $HOME/.ssh/identity.pub This file contains the RSA public key for authentication when you are using the SSH protocol version 1. User has to copy contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to login. $HOME/.ssh/id_dsa This file contains the protocol version 2 DSA authentication identity of the user. $HOME/.ssh/id_dsa.pub This file contains the DSA public key for authentication when you are using the SSH protocol version 2.
  • 4. How To Setup SSH Keys on CentOS 7 3 | P a g e User has to copy contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to login. $HOME/.ssh/id_rsa This file contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user. $HOME/.ssh/id_rsa.pub This file contains the protocol version 2 RSA public key for authentication. User has to copy contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to login. SSH Keys – Permissions - Set Each location / file has to be set to appropriate permission, location / purpose is described in below table. Location / File Set Permission - Command Purpose / Description User Home Folder chmod go-w /home/$USER chmod g-w,o-w ~ User’s home directory on the server should NOT be writable by others .ssh Folder chmod 700 /home/$USER/.ssh SSH folder on the server needs 700 authorized_keys chmod 644 /home/$USER/.ssh/authorized_keys authorized_keys has to be set to 644 authorized_keys* chmod 600 /home/$USER/.ssh/authorized_keys authorized_keys has to be set to 600; root user will also not have access, better security. .ssh Folder chown user:user /home/$USER/.ssh user owns the files/folders and not root authorized_keys chown user:user authorized_keys user owns the files/folders and not root SSH Keys – Permissions - Validation In order to validate permission set on each folder / file, execute command as per the below table. Location / File Set Permission – Command Long List – Command Permission – View Home Directory chmod 755 ~ ls -l ~ 755 or (drwxr-xr-x) .ssh (folder) chmod 700 ~/.ssh ls -l ~/.ssh 700 or (drwx------) .pub (public key file) chmod 644 ~/.ssh/*.pub ls -l ~/.ssh/*.pub 644 or (-rw-r--r--)
  • 5. How To Setup SSH Keys on CentOS 7 4 | P a g e id_rsa (private Key file) chmod 600 ~/.ssh/*.id_rsa ls -l ~/.ssh/*.id_rsa 600 or (-rw-------) SSH Keys - Generation Before you login to the server without password, you need to generate ssh keys and copy generated key on to the server and you can subsequently login. Generate SSH Key – RSA Generating key is first and foremost task that we have to perform in order setup SSH Key, default Algorithm is “RSA” and key size is “2048”, to generate a new ssh key, run the command; ssh-keygen -t rsa -b 4096 Generate SSH Key – Private Key File By default ssh key file is created as “id_rsa”, optionally you can set the name of the file. Generate SSH Key – Passphrase Optionally, you can set “passphrase” or key password for the ssh key, this passphrase will be keyed-in upon logging on to the server.
  • 6. How To Setup SSH Keys on CentOS 7 5 | P a g e Generate SSH Key – Files User’s private and public key generated files will be default stored in “$HOME/.ssh/” folder, wherein “id_rsa” is a private key file and “id_rsa.pub” is a public key file. In this step key’s “fingerprint” is defined along with algorithm type and key bits will will also be displayed. Generate SSH Key – Copy ID Once the ssh key is generated, next step is to copy the ssh key; to copy run the command; ssh-copy-id mvcp@salt
  • 7. How To Setup SSH Keys on CentOS 7 6 | P a g e SSH Key – SSH Login After copying the ssh key; you can connect to the server without password, ssh key copied with command ssh-copy-id will be verified and validated and user will be logged into the server automatically, to connect run the command; ssh mvcp@salt