Secure Shell (SSH) is a widely used protocol for securely accessing and managing remote servers. SSH keys provide a more secure and convenient way of logging in to your server than using a password. In this tutorial, we will walk you through the process of how to set up SSH keys on Rocky Linux.
How to Set up SSH Keys on Rocky Linux
Prerequisites
Before you start, make sure you have:
- A local machine running Rocky Linux or any other Linux distribution
- A remote Rocky Linux server
- SSH access to the remote server with a username and password
Generate SSH Key Pair on Rocky Linux
First, you need to generate an SSH key pair on your local machine. The key pair consists of a public key and a private key. Place the public key on the remote server and keep the private key on your local machine.
- Open a terminal on your local machine.
- Run the following command to generate an SSH key pair:
ssh-keygen -t ed25519 -C "your_email@example.com"
Replace “your_email@example.com” with your actual email address. Note: We’re using the Ed25519 algorithm for this tutorial, but you can also use RSA or ECDSA.
You will be prompted to enter a file path to save the key pair. Press Enter to use the default location, or specify a custom path.
Next, you will be prompted to enter a passphrase. This is an optional extra layer of security: the passphrase encrypts the private key file, so a copied key cannot be used without it. If you don’t want to use a passphrase, simply press Enter.
Your SSH key pair has now been generated. The public key is saved as id_ed25519.pub, and the private key is saved as id_ed25519 in the .ssh directory under your home directory.
Copy Public Key to Remote Server
Now you need to copy your public key to the remote server. This can be done using the ssh-copy-id command:
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@remote-server-ip
Replace “username” with your remote server’s username and “remote-server-ip” with your remote server’s IP address.
The system will prompt you to enter your remote server’s password. After copying the public key, a message will appear, indicating the successful addition of the key.
Disable Password Authentication on Rocky Linux (Optional)
To enhance security, you can disable password authentication on the remote server, forcing users to log in using their SSH keys. Before proceeding, ensure that you can log in to the remote server using your SSH key.
- Log in to your remote server using SSH:
ssh username@remote-server-ip
- Edit the SSH configuration file using a text editor like vim or nano:
sudo vim /etc/ssh/sshd_config
- Find the line containing #PasswordAuthentication yes and change it to PasswordAuthentication no. If the line is commented out (i.e., has a # at the beginning), make sure to uncomment it by removing the #.
- Save and exit the text editor.
- Restart the SSH service to apply the changes:
sudo systemctl restart sshd
Now, users can only log in to the remote server using their SSH keys.
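The following check is an added example, not part of the original tutorial. It reads the effective settings that `sshd -T` prints on the server (these reflect defaults and any included drop-in files, not just the line you edited) and fails unless password logins are really off. The function name `audit_sshd_effective` and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check the *effective* sshd settings after editing sshd_config.
# On the server:  sudo sshd -t && sudo sshd -T | audit_sshd_effective
# (sshd -t validates syntax; sshd -T prints the settings sshd will actually use.)

# Reads `sshd -T`-style lines ("keyword value") on stdin.
# Returns 0 only if key login is enabled and password-style logins are off.
audit_sshd_effective() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "pubkeyauthentication"   { pk = val }
        key == "passwordauthentication" { pw = val }
        # Older OpenSSH releases print the second name for the same setting.
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" { kbd = val }
        END {
            rc = 0
            if (pk != "yes") { print "FAIL: pubkeyauthentication = " (pk == "" ? "(not reported)" : pk); rc = 1 }
            if (pw != "no")  { print "FAIL: passwordauthentication = " (pw == "" ? "(not reported)" : pw); rc = 1 }
            # With PAM, keyboard-interactive can still present a password prompt.
            if (kbd == "yes") { print "FAIL: keyboard-interactive authentication = yes"; rc = 1 }
            if (rc == 0) print "OK: key-only login is in effect"
            exit rc
        }
    '
}

# Constructed sample: the main file was edited, but an earlier setting
# (for example from an included drop-in file) still leaves passwords enabled.
SAMPLE_STILL_ENABLED='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the change really took effect.
SAMPLE_KEY_ONLY='pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_STILL_ENABLED" | audit_sshd_effective || echo "-> do not close your session yet"
printf '%s\n' "$SAMPLE_KEY_ONLY" | audit_sshd_effective
```

Keep your existing SSH session open until a fresh login from a second terminal succeeds with the key.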
Test Your SSH Key-Based Authentication
To test the SSH key-based authentication, log out from the remote server if you are still connected. Then try logging in again using the following command:
ssh username@remote-server-ip
If you’ve set up everything correctly, you can log in without being prompted for a password. However, if you used a passphrase when generating your SSH key pair, the system will ask for the passphrase instead.
Conclusion
In this tutorial, we have successfully set up SSH keys on Rocky Linux and optionally disabled password authentication for added security. Using SSH keys is a much safer and more convenient way to manage remote servers compared to using passwords.