How To Generate SSH Key Pairs on Rocky Linux 8

In this article, we intend to teach you How To Generate SSH Key Pairs on Rocky Linux 8.

The SSH key pair is used to authenticate the identity of a user or process that wants to access a remote system using the SSH protocol. The public key is used by both the user and the remote server to encrypt messages.

On the remote server side, it is saved in a file that contains a list of all authorized public keys. On the user’s side, it is stored in SSH key management software or in a file on their computer. The private key remains only on the system being used to access the remote server and is used to decrypt messages.

what you read in this post?

How To Generate SSH Key Pairs on Rocky Linux 8

How To Generate SSH Key Pairs on Rocky Linux 8

In this guide, you will learn to set up SSH keys on Rocky Linux 8. SSH keys provide a straightforward, secure method of logging into your server and are recommended for all users.

Now follow the steps below to complete this guide.

Create RSA Key Pair on the Client Machine

The first step is to create a key pair on the client machine (your local computer). To do this, you can use the “ssh-kegen” which creates a 2048-bit RSA key pair.

ssh-keygen

Note: If you plan to create a larger 4096-bit key, you can use the “-b 4096” flag.

When you enter the above command, you should see the following output:

Output
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

Press ENTER to save the key pair in the .ssh/ subdirectory in your home directory, or specify an alternate path.

Then, you will see:

Output
Enter passphrase (empty for no passphrase):

It is highly recommended to enter a passphrase to add an additional layer of security to your key pairs on Rocky Linux 8, to prevent unauthorized users from logging in.

When you are done, you will see:

Output
Your identification has been saved in /your_home/.ssh/id_rsa.
Your public key has been saved in /your_home/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:j4Sp/pEaRtlftU3TgsLiF7Jgw2lpdLxhYD6t2AF1nbw 
The key's randomart image is:
+---[RSA 3072]----+
| ..=ooo .        |
| * *+.+ . .      |
| &.+o+.o + .     |
| O X.+E+ + o     |
| + * S o . .     |
| . . + =         |
| + o o .         |
| o o .           |
| o..             |
+----[SHA256]-----+

At this point, you have a public and private key that you can use to authenticate.

Copy the Public Key To your Rocky Linux Server

The easiest way to copy the public key to your server is to use a utility called “ssh-copy-id“.

The ssh-copy-id tool is included by default in many operating systems, so you may have it available on your local system. For this method to work, you must already have password-based SSH access to your server.

To use the utility, you need only specify the remote host that you would like to connect to and the user account that you have password SSH access. This is the account to which your public SSH key will be copied:

ssh-copy-id username@remote_host

You may get the following massage:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This means that your local computer does not recognize the remote host. This will happen the first time you connect to a new host. Type yes and press ENTER to continue.

Next, the utility will scan your local account for the id_rsa.pub key that we created earlier. When it finds the key, it will prompt you for the password of the remote user’s account:

Output
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@203.0.113.1's password:

After that, you will get the following output:

Output
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@203.0.113.1'"
and check to make sure that only the key(s) you wanted were added.

At this point, your id_rsa.pub key has been uploaded to the remote account.

Log in to Rocky Linux 8 with SSH Key Pairs

At this point, you should be able to log into the remote host without the remote account’s password:

ssh username@remote_host

If you supplied a passphrase you will be prompted to enter it now. After authenticating, a new shell session should open for you with the configured account on the Rocky Linux server.

Disable Password-based Authentication on Rocky Linux 8

If you were able to log in to your account using SSH without a password, you have successfully configured SSH-key-based authentication to your account. However, your password-based authentication mechanism is still active, meaning that your server is still exposed to brute-force attacks.

Before completing the steps in this section, make sure that you either have SSH-key-based authentication configured for the root account on this server, or preferably, that you have SSH-key-based authentication configured for a non-root account on this server with sudo privileges. This step will lock down password-based logins, so ensuring that you will still be able to get administrative access is crucial.

Once you’ve confirmed that your remote account has administrative privileges, log into your remote server with SSH keys, either as root or with an account with sudo privileges. Then, open up the SSH daemon’s configuration file: