How to Generate & Set Up SSH Keys on CentOS 7?

SSH keys are cryptographic key pairs that provide a secure authentication method for connecting to remote servers. Unlike traditional password-based authentication, SSH keys offer enhanced security by using public-key cryptography. The private key remains on your local machine, while the public key is placed on remote servers you want to access.

SSH keys eliminate the risk of password-based attacks and provide a more convenient way to authenticate, especially when managing multiple servers. CentOS 7 includes all the necessary tools to generate and manage SSH keys out of the box.

Generating SSH Keys on CentOS 7

Basic SSH Key Generation

The ssh-keygen command is used to generate SSH key pairs. Here's the step-by-step process:

ssh-keygen -t rsa -b 4096

Follow these steps when prompted:

• Choose the file location (press Enter for default: ~/.ssh/id_rsa)

• Enter a strong passphrase (recommended for additional security)

• Confirm the passphrase

This generates two files:

• ~/.ssh/id_rsa Your private key (keep this secret)

• ~/.ssh/id_rsa.pub Your public key (safe to share)

SSH Key Types and Options

For maximum security and performance, use Ed25519:

ssh-keygen -t ed25519 -C "your-email@domain.com"

Setting Up SSH Keys

Copying Public Key to Remote Server

The easiest method is using ssh-copy-id:

ssh-copy-id username@remote_server_ip

This command automatically:

• Copies your public key to the remote server

• Adds it to ~/.ssh/authorized_keys

• Sets correct file permissions

Manual Public Key Setup

If ssh-copy-id is not available, copy the key manually:

# Display your public key
cat ~/.ssh/id_rsa.pub

# On the remote server, add it to authorized_keys
echo "your-public-key-content" >> ~/.ssh/authorized_keys

Setting Correct Permissions

SSH is strict about file permissions. Set them correctly:

# On the remote server
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# On your local machine
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

Testing SSH Key Authentication

Test your SSH key setup:

ssh username@remote_server_ip

If configured correctly, you should connect without entering a password (only your key passphrase if set).

Advanced SSH Key Management

Multiple Keys for Different Servers

Create named keys for different purposes:

# Generate specific keys
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_webserver
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_database

Configure ~/.ssh/config to use specific keys:

Host webserver
    HostName 192.168.1.10
    User admin
    IdentityFile ~/.ssh/id_ed25519_webserver

Host database
    HostName 192.168.1.20
    User dbadmin
    IdentityFile ~/.ssh/id_ed25519_database

Troubleshooting Common Issues

Check SSH logs for detailed error information:

# On CentOS 7
sudo tail -f /var/log/secure

Security Best Practices

• Use strong passphrases for private keys

• Regularly rotate SSH keys (every 6-12 months)

• Disable password authentication in /etc/ssh/sshd_config

• Use different keys for different servers/purposes

• Keep private keys secure and never share them

Conclusion

SSH keys provide a secure and convenient authentication method for CentOS 7 systems. By following proper generation, setup, and management practices, you can significantly improve your server security while streamlining remote access. Regular key rotation and adherence to security best practices ensure long-term protection of your systems.