This document provides instructions for setting up SSH keys on CentOS 7 to enable passwordless login. It describes generating an RSA key pair with ssh-keygen, setting permissions on the private and public key files, and copying the public key to authorized_keys on the server. Running ssh-copy-id copies the public key and allows logging into the server without a password by authenticating with the private key.

1. How To Setup SSH Keys on CentOS 7
i | P a g e
Table of Contents
Overview.......................................................................................................................................................1
What is SSH Keys...........................................................................................................................................1
SSH Keys – Private Key..............................................................................................................................1
SSH Keys – Public Key................................................................................................................................1
SSH Keys – Algorithm................................................................................................................................1
SSH Keys – Key Size...................................................................................................................................2
SSH Keys – Files and Locations......................................................................................................................2
SSH Keys – Permissions - Set.........................................................................................................................3
SSH Keys – Permissions - Validation .............................................................................................................3
SSH Keys - Generation...................................................................................................................................4
Generate SSH Key – RSA ...........................................................................................................................4
Generate SSH Key – Private Key File.........................................................................................................4
Generate SSH Key – Passphrase................................................................................................................4
Generate SSH Key – Files ..........................................................................................................................5
Generate SSH Key – Copy ID .....................................................................................................................5
SSH Key – SSH Login......................................................................................................................................6

2. How To Setup SSH Keys on CentOS 7
1 | P a g e
Overview
In this guide we will walk through steps of generating and connecting to the host without password with
ssh-keygen utility, this utility will create key pairs for automated authentication.
What is SSH Keys
SSH Keys uses public key cryptography for authenticating hosts and users. This key is much more secured
than older version of utilizing “.rhosts” file authenticating method. In this method password is not stored
in a file and in turn eliminates the possibility of password being compromised.
SSH Keys – Private Key
A private key that remains (only) with the user. It is imperative that key is in the possession of the specific
user. A user has private key that corresponds to the public key of the server will be able to authenticate
successfully.
Ideally private keys have to be stored in a safe location, it should not be tampered, copied or shared with
others. Private keys used for user authentication are called “Identity Keys”.
SSH Keys – Public Key
A public key that is copied to the SSH server(s). Anyone with a copy of the public key can encrypt data
which can then only be read by the person who holds the corresponding private key.
Once an SSH server receives a public key from a user and considers the key as trustworthy, then the server
marks the key as authorized and subsequently its stored in “authorized_keys” file. Such keys are called
“Authorized Keys”.
SSH Keys – Algorithm
Each key has to be generated with specific type of algorithm, different algorithm provide different level
of security the below table will give insight into each algorithm its purpose is described.
Algorithm Description
rsa It’s an old algorithm based on the difficulty of factoring large numbers. A key size with at
least 2048 bits is recommended for RSA; 4096 bits is much better.
RSA is getting old and significant advances are being made in factoring. Choosing a
different algorithm is recommended.
In the near future RSA algorithm might be practically breakable. All SSH clients support
this algorithm.

3. How To Setup SSH Keys on CentOS 7
2 | P a g e
dsa It’s an old US government Digital Signature Algorithm. It is based on the difficulty of
computing discrete algorithms.
A key size of 1024 would normally be used with it.
DSA in its original form is no longer recommended.
ecdsa It’s a new Digital Signature Algorithm standardized by the US government, using elliptic
curves.
It’s probably a good algorithm for current applications. Only three key sizes are currently
supported viz., 256, 384, and 521 bits.
It’s recommend to utilize 521 bits, since the keys are still small and probably more secure
than the smaller keys. Bigger the bits size safer the key.
Most SSH clients now support this algorithm.
ed25519 It’s a new algorithm added in OpenSSH. Support for it in clients is not yet universal.
Its implementation in general purpose applications is not recommended for now; though
it could leak if public key is incorrect.
SSH Keys – Key Size
By default SSH key size that gets generated is with “2048” bits, to customize bit key size set the bit key
size parameter “-b” while generating the ssh key.
SSH Keys – Files and Locations
Each key file has important role to play, to understand each one of the file(s) and their importance, listed
below are the file(s) and their location / along with their purpose is described.
Location & File Purpose / Description
$HOME/.ssh/identity This file contains the RSA private key when using the SSH protocol version 1.
$HOME/.ssh/identity.pub This file contains the RSA public key for authentication when you are using the
SSH protocol version 1.
User has to copy contents in the $HOME/.ssh/authorized_keys file of the
remote system where a user wants to login.
$HOME/.ssh/id_dsa This file contains the protocol version 2 DSA authentication identity of the
user.
$HOME/.ssh/id_dsa.pub This file contains the DSA public key for authentication when you are using the
SSH protocol version 2.

4. How To Setup SSH Keys on CentOS 7
3 | P a g e
User has to copy contents in the $HOME/.ssh/authorized_keys file of the
remote system where a user wants to login.
$HOME/.ssh/id_rsa This file contains the protocol version 2 RSA authentication identity of the
user.
This file should not be readable by anyone but the user.
$HOME/.ssh/id_rsa.pub This file contains the protocol version 2 RSA public key for authentication.
User has to copy contents in the $HOME/.ssh/authorized_keys file of the
remote system where a user wants to login.
SSH Keys – Permissions - Set
Each location / file has to be set to appropriate permission, location / purpose is described in below table.
Location / File Set Permission - Command Purpose / Description
User Home Folder chmod go-w /home/$USER
chmod g-w,o-w ~
User’s home directory on the server should NOT
be writable by others
.ssh Folder chmod 700 /home/$USER/.ssh SSH folder on the server needs 700
authorized_keys chmod 644
/home/$USER/.ssh/authorized_keys
authorized_keys has to be set to 644
authorized_keys* chmod 600
/home/$USER/.ssh/authorized_keys
authorized_keys has to be set to 600; root user
will also not have access, better security.
.ssh Folder chown user:user /home/$USER/.ssh user owns the files/folders and not root
authorized_keys chown user:user authorized_keys user owns the files/folders and not root
SSH Keys – Permissions - Validation
In order to validate permission set on each folder / file, execute command as per the below table.
Location / File Set Permission – Command Long List – Command Permission – View
Home Directory chmod 755 ~ ls -l ~ 755 or (drwxr-xr-x)
.ssh (folder) chmod 700 ~/.ssh ls -l ~/.ssh 700 or (drwx------)
.pub (public key file) chmod 644 ~/.ssh/*.pub ls -l ~/.ssh/*.pub 644 or (-rw-r--r--)

5. How To Setup SSH Keys on CentOS 7
4 | P a g e
id_rsa (private Key file) chmod 600 ~/.ssh/*.id_rsa ls -l ~/.ssh/*.id_rsa 600 or (-rw-------)
SSH Keys - Generation
Before you login to the server without password, you need to generate ssh keys and copy generated key
on to the server and you can subsequently login.
Generate SSH Key – RSA
Generating key is first and foremost task that we have to perform in order setup SSH Key, default
Algorithm is “RSA” and key size is “2048”, to generate a new ssh key, run the command;
ssh-keygen -t rsa -b 4096
Generate SSH Key – Private Key File
By default ssh key file is created as “id_rsa”, optionally you can set the name of the file.
Generate SSH Key – Passphrase
Optionally, you can set “passphrase” or key password for the ssh key, this passphrase will be keyed-in
upon logging on to the server.

6. How To Setup SSH Keys on CentOS 7
5 | P a g e
Generate SSH Key – Files
User’s private and public key generated files will be default stored in “$HOME/.ssh/” folder, wherein
“id_rsa” is a private key file and “id_rsa.pub” is a public key file. In this step key’s “fingerprint” is defined
along with algorithm type and key bits will will also be displayed.
Generate SSH Key – Copy ID
Once the ssh key is generated, next step is to copy the ssh key; to copy run the command;
ssh-copy-id mvcp@salt

7. How To Setup SSH Keys on CentOS 7
6 | P a g e
SSH Key – SSH Login
After copying the ssh key; you can connect to the server without password, ssh key copied with command
ssh-copy-id will be verified and validated and user will be logged into the server automatically, to connect
run the command;
ssh mvcp@salt