Set Up SSH Keys on CentOS 8

Linux Dec 3, 2019

1. Create the RSA Key Pair
If you don't already have an RSA Key Pair, open Terminal on your local Mac and run this command.

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/cg1/.ssh/id_rsa):

Press Enter to save in the .ssh directory. If you previously had a key, it will be overwritten, and any servers using the old key will no longer be able to authenticate.

Enter passphrase (empty for no passphrase):

Enter a password and press Enter.  The following output is displayed.

Your identification has been saved in /Users/cg1/.ssh/id_rsa.
Your public key has been saved in /Users/cg1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256: cg1@
The key's randomart image is:
+---[RSA 2048]----+
|    .+..o+.o..   |
|.   +.  +.  .o.  |
|..  .. o. ..=oo  |
|Eo .  . .. +.+   |
|   .o. oS . .    |
|  ....o... . .   |
|.o   ...+.  o    |
|      .* +..     |
|      ..=  .     |
+----[SHA256]-----+

2. Copy the public key to the server

$ ssh-copy-id username@remote_host

Enter your password for the remote server account.

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/cg1/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added:        1

3. Configure SecureCRT to use the Public KeyAdd a new session, enter Hostname and Username, and deselect all options except for PublicKey. 

SecureCRT SSH2 Settings
SecureCRT SSH2 Settings

Click Properties and select the public key file.

SecureCRT Public Key Settings
SecureCRT Public Key Settings

When you connect for the first time, you will need to enter the passphrase you created when generating the RSA Key Pair.

Disable password authentication

Once the public key is working, disable password authentication on the server.

sudo vi /etc/ssh/sshd_config

Change PasswordAuthentication to no and save the file.

Restart the SSH service.

sudo systemctl restart sshd.service

Tags