In web server administration, one of the most crucial aspects is ensuring secure access to your server. SSH, or Secure Shell, is a protocol that allows secure remote login from one computer to another. However, using passwords for SSH authentication can pose security risks and is often considered a bad practice. A more secure method is to use SSH keys for authentication.
This guide will walk you through the process of setting up SSH access without a password, but with a passphrase key on Linux CentOS.
Step 1: Generate Public and Private Keys
The first step in setting up SSH access without a password is to generate a pair of cryptographic keys using the OpenSSH package. On your client machine, run the following command:
ssh-keygen -t rsa
This command initiates the creation of RSA keys. You will be prompted to enter the file in which to save the key. By default, the private key is saved in the file ‘/root/.ssh/id_rsa’. If the ‘/root/.ssh’ directory does not exist, it will be created.
You will then be asked to enter a passphrase. This passphrase will be required when using the private key. It adds an extra layer of security and is highly recommended.
[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9c:41:a8:b5:d1:7f:64:c5:91:89:38:bf:5a:4c:30:16 email@example.com
The key's randomart image is:
+--[ RSA 2048]----+
| o. Eo +o+ |
| +.. * + + |
| o o.o B |
| . .. o. + |
| S + . |
| + |
| o |
| . |
| |
+-----------------+
Step 2: Set Appropriate Permissions for the Public Key
After generating the keys, you need to set the correct permissions for the public key. This is done using the chmod command:
chmod 600 /root/.ssh/id_rsa.pub
This command changes the permissions of the public key file so that only the root user has read and write permissions.
Step 3: Create a .ssh Directory on the Server
On the server, you need to create a .ssh directory in the home directory of the user. This is where the public key from the client will be stored. Use the following commands to create the directory:
mkdir .ssh
cd .ssh
Step 4: Transfer the Public Key from the Client to the Server
The next step is to transfer the public key from the client to the server. This can be done using the scp (secure copy) command:
scp id_rsa.pub root@192.168.1.55:/root/.ssh/
Replace ‘192.168.1.55’ with the IP address of your server. You will be asked to confirm the connection to the server. Type ‘yes’ and press enter. You will then be asked for the root password of the server to complete the transfer.
Step 5: Convert the Public Key to an Authorized Key
Once the public key has been transferred to the server, it needs to be converted into an authorized key. This is done using the cat command:
cd .ssh
cat id_rsa.pub >>authorized_keys
This command appends the content of the public key file to the ‘authorized_keys’ file. If the ‘authorized_keys’ file does not exist, it will be created.
Step 6: Connect to Your Server without a Password
With the authorized key set up, you can now SSH into your server without a password. Instead, you will be asked for the passphrase you set when creating your keys:
ssh root@192.168.1.55
Replace ‘192.168.1.55’ with the IP address of your server. You will be asked to enter the passphrase for your key. Once entered, you will be logged into your server.
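Steps 3 to 5 as one repeatable function, as an added example that is not part of the original guide: it sets the .ssh directory to 700 and authorized_keys to 600, rejects a file that is not a public key, and skips a key that is already present, so repeating Step 5 does not append duplicates. The function name and its two arguments are assumptions of this sketch, and the sample key is constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): run on the server after Step 4.
# install_pubkey PUBKEY_FILE HOME_DIR -- name and arguments are assumptions.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept only a one-line OpenSSH public key. This rejects a private key
    # (id_rsa) copied by mistake, which starts with "-----BEGIN".
    key_line=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$' \
        "$pubkey_file" 2>/dev/null | head -n 1)
    if [ -z "$key_line" ]; then
        echo "install_pubkey: $pubkey_file is not an OpenSSH public key" >&2
        return 1
    fi

    # With sshd's StrictModes enabled, keys are refused when these paths
    # are writable by group or others, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Identify the key by type and base64 blob, ignoring the trailing comment.
    key_id=$(printf '%s\n' "$key_line" | cut -d' ' -f1,2)
    if grep -qF -- "$key_id" "$auth_file"; then
        echo "key already authorized, nothing to do"
        return 0
    fi

    # Make sure the existing file ends in a newline so entries stay one per line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "key added to $auth_file"
}

# Demo with a constructed (non-functional) key in a throwaway directory.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLE root@client' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/home"   # second run is a no-op
ls -ld "$demo_dir/home/.ssh" "$demo_dir/home/.ssh/authorized_keys"
rm -rf "$demo_dir"
```

On the server from this guide the call would be install_pubkey /root/.ssh/id_rsa.pub /root, since Step 4 copies the public key into /root/.ssh/.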
Setting up SSH access without a password but with a passphrase key on Linux CentOS is a straightforward process that enhances the security of your server. By following the steps outlined in this guide, you can ensure secure, password-less access to your server, thereby reducing the risk of unauthorized access.
Remember, while this guide is written for CentOS, the same steps can be applied to other Linux distributions as well.
Always prioritize the security of your server to protect your data and maintain the integrity of your operations.
- ssh-keygen -t rsa – Generates a pair of rsa keys
- chmod 600 /root/.ssh/id_rsa.pub – Changes the permissions of the public key file
- mkdir .ssh – Creates a .ssh directory
- scp id_rsa.pub root@192.168.1.55:/root/.ssh/ – Transfers the public key from the client to the server
- cat id_rsa.pub >>authorized_keys – Converts the public key to an authorized key
- ssh root@192.168.1.55 – Connects to the server via SSH
What is the purpose of using SSH keys instead of passwords?
SSH keys provide a more secure way of logging into a server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone. Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password.
What is the role of the authorized_keys file in SSH authentication?
The authorized_keys file in SSH specifies which keys are authorized for public key authentication. The server checks this file in the user’s directory to determine whether to use public key authentication. The file contains one key per line, and each line represents a public key that is authorized to access the server. When a client connects to the server, the server checks the public key the client presents against the list of keys in the authorized_keys file. If a matching key is found, the client is granted access.
What is the difference between a passphrase and a password in SSH?
In the context of SSH, a password is a string of characters used to authenticate a user to a server, while a passphrase is a string of characters used to encrypt a private key. The passphrase is used to protect your private key from unauthorized use should the key be stolen or compromised. It is often longer than a password, providing an additional layer of security.
What is the purpose of the chmod command in the SSH setup process?
The chmod command is used to change the permissions of files or directories. In the SSH setup process, it is used to set the correct permissions for the public key file. The ‘600’ permission ensures that only the owner can read and write the file, which is important for maintaining the security of the key.
Why is it necessary to create a .ssh directory on the server?
The .ssh directory on the server holds the authorized_keys file, which stores the public keys of all the clients that are authorized to connect to the server. When a client attempts to connect to the server, the server checks the client’s public key against the keys stored in that file. If a matching key is found, the client is granted access.