Re: Generating new ssh keys
Post by TrevorH » Thu Jan 28, 2016 5:06 pm
I'm pretty sure that if you just remove the /etc/ssh/sshdhost. files then it will automatically regenerate them on the next start.

A quick question: how do I find out or see or know my host key? I am using PuTTY on Windows and managed to log in to my Linux, although it screamed about the unknown host key as usual for a first-time log-in.
Generating OpenSSH-compatible Keys for Use with PuTTY
To generate a set of RSA keys with PuTTYgen:
- Start the PuTTYgen utility, by double-clicking on its .exe file;
- For Type of key to generate, select RSA;
- In the Number of bits in a generated key field, specify either 2048 or 4096 (increasing the bits makes it harder to crack the key by brute-force methods);
- Click the Generate button;
- Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full;
- A private/public key pair has now been generated;
- In the Key comment field, enter any comment you’d like, to help you identify this key pair later (e.g. your e-mail address; home; office; etc.). The key comment is particularly useful in the event you end up creating more than one key pair;
- Optional: Type a passphrase in the Key passphrase field & re-type the same passphrase in the Confirm passphrase field (if you would like to use your keys for automated processes, however, you should not create a passphrase);
- Click the Save public key button & choose whatever filename you’d like (some users create a folder in their computer named my_keys);
- Click the Save private key button & choose whatever filename you’d like (you can save it in the same location as the public key, but it should be a location that only you can access and that you will NOT lose! If you lose your keys and have disabled username/password logins, you will no longer be able to log in!);
- Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All;
- Right-click again in the same text field and choose Copy.
- NOTE: PuTTY and OpenSSH use different formats for public SSH keys. If the SSH key you copied starts with “---- BEGIN SSH2 PUBLIC KEY …”, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with “ssh-rsa AAAA …”.
Save The Public Key On The Server
Now, you need to paste the copied public key in the file ~/.ssh/authorized_keys on your server.
Log in to your destination server; see How to Log Into Your Droplet with PuTTY (for Windows users).
If your SSH folder does not yet exist, create it manually:
Paste the SSH public key into your ~/.ssh/authorized_keys file (see Installing and Using the Vim Text Editor on a Cloud Server):
Create a PuTTY Profile to Save Your Server’s Settings
In PuTTY, you can create (and save) profiles for connections to your various SSH servers, so you don’t have to remember, and continually re-type, redundant information.
- Start PuTTY by double-clicking its executable file;
- PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window);
- In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN);
- Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port);
- Select SSH under Protocol;
- Along the left-hand side of the window, select the Data sub-category, under Connection;
- Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field;
- Expand the SSH sub-category, under Connection;
- Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window;
- Browse your file system and select your previously-created private key;
- Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld;
- Click the Save button for the Load, Save or Delete a stored session area.
- Now you can go ahead and log in to user@1.2.3.4 and you will not be prompted for a password. However, if you set a passphrase on your key, you will be asked to enter the passphrase at that time (and every time you log in in the future).
Disable Username/Password Logins
Once you have verified that your key-based logins are working, you may elect to disable username/password logins to achieve better security. To do this, you need to edit your SSH server’s configuration file. On Debian/Ubuntu systems, this file is located at /etc/ssh/sshd_config.
Edit the lines referenced below:
Save the file. Now, reload the SSH server’s configuration:
In this article, you will learn how to set up SSH keys on CentOS 8. Key-based login is a secure method for logging into your server and is recommended for all users. SSH is an encrypted protocol that is used to administer and communicate with servers.
Tutorial: Set Up SSH Keys on CentOS 8
Step 1 – Creating the RSA Key Pair
ssh-keygen creates a 2048-bit key pair, which is secure enough for most cases. After entering the command, you will see the result below.
Output
To save the key pair into the .ssh/ subdirectory in your home directory, press ENTER.
While the SSH key pair is being created, the result below will be shown.
Entering a secure passphrase is highly recommended, as it adds an additional layer of security to your key. A passphrase prevents unauthorized users from logging in.
You will see the following output:
Output
Now that you have a public and private key to authenticate with, you must place the public key on your server to be able to use SSH-key-based authentication to log in.
Step 2 – Copying the Public Key to Your CentOS Server
The quickest way to copy your public key to the CentOS host is a utility called ssh-copy-id. If ssh-copy-id is not available on your client machine, use one of the two alternate methods that follow.
Copying your Public Key Using ssh-copy-id
The ssh-copy-id tool is included by default in most operating systems, so it may be available on your local system. To use it, however, you need to have password-based SSH access to your server.
Specify the remote host that you want to connect to and the user account that you have password SSH access to. This is the account to which your public SSH key will be copied:
You will see a result like the one below:
If this is the first time you are connecting to this host, your local computer will not recognize it. Type Yes and press ENTER to continue.
Then, the utility will scan your account for the id_rsa.pub key which you already created. It will prompt you for the password of the remote user’s account:
Type in the password and press ENTER. The utility will connect to the account on the remote host using the password you provided. It will copy the contents of your ~/.ssh/id_rsa.pub key into the remote account’s ~/.ssh/authorized_keys file.
The output will be as below:
Output
If ssh-copy-id is not available and you have password-based SSH access to an account on your server, upload your keys by using a more conventional SSH method.
You can use the cat command to read the contents of the public SSH key on your local computer and pipe it through an SSH connection to the remote server.
On the remote side, you can also make sure that the ~/.ssh directory exists and has the correct permissions.
The content you piped over is then written to a file named authorized_keys within this directory. You can see the full command below.
Copying Public Key Manually
If the password-based SSH access to your server is not available, you need to complete the above process manually.
Append the content of your id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.
To display your id_rsa.pub key, type this into your local computer:
cat ~/.ssh/id_rsa.pub
As below, you will see the key’s content.
Log in to your account on the remote server using whatever method you have available, and check whether the ~/.ssh directory exists. If it does not, enter the command below to create it.
Then, create or modify the authorized_keys file within this directory.
Substitute public_key_string with the output of the cat ~/.ssh/id_rsa.pub command. It should start with ssh-rsa AAAA….
Finally, ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:
If you are using the root account, make sure that the ~/.ssh directory belongs to the user and not to root:
In this tutorial the user is named noodi; substitute the appropriate username into the above command. Now you can attempt key-based authentication with your CentOS server.
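A scripted version of the manual install described above (and of the earlier "Save The Public Key On The Server" steps for PuTTY users), added here as an example and not taken from either tutorial. The helper name install_pubkey and its HOME_DIR argument are assumptions, and the sample key is constructed.

```shell
#!/bin/sh
# install_pubkey KEY_LINE HOME_DIR   (hypothetical helper, added example)
# Returns 0 once the key is in HOME_DIR/.ssh/authorized_keys, 2 if KEY_LINE
# is not a single OpenSSH-format line, 1 on a filesystem error.
install_pubkey() {
    key=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # Reject multi-line input: it could smuggle extra authorized_keys entries.
    case $key in *"$nl"*) return 2 ;; esac
    # Require "<type> AAAA..."; PuTTY's "---- BEGIN SSH2 PUBLIC KEY" export
    # fails this check.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) return 2 ;;
    esac

    # Create both paths under a restrictive umask so they are never
    # briefly group- or world-accessible, then pin the usual 0700/0600 modes.
    old_umask=$(umask)
    umask 077
    rc=0
    mkdir -p "$ssh_dir" && touch "$auth_file" || rc=1
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only when this exact line is absent, so reruns do not duplicate it.
    if ! grep -qxF -- "$key" "$auth_file"; then
        printf '%s\n' "$key" >> "$auth_file" || return 1
    fi
    return 0
}

# Constructed sample key (not a real key), installed into a scratch directory.
scratch=$(mktemp -d)
sample_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7constructed user@example'
install_pubkey "$sample_key" "$scratch" && ls -l "$scratch/.ssh/authorized_keys"
rm -rf "$scratch"
```

When this is run as root on behalf of another account, follow it with the ownership fix described above so that ~/.ssh belongs to that user.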
Step 3 – Logging In to Your CentOS Server Using SSH Keys
If the above steps completed successfully, you should now be able to log into the remote host without the remote account’s password.
If this is the first time you are connecting to this host, you may see something like this:
Step 4 – Disabling Password Authentication on your Server
Once you have confirmed that your remote account has administrative privileges, log into your remote server with SSH keys, either as root or with an account with sudo privileges.
Search for a directive called PasswordAuthentication. Press i to put vi into insert mode, then uncomment the line and set the value to no. This disables logging in via SSH with account passwords.
After finishing all changes, press ESC and then :wq. To implement these changes, restart the sshd service:
Before closing your current session, test that the SSH service is functioning correctly.
Once you have verified that the SSH service works properly, you can close all server sessions. The SSH daemon on your CentOS server now responds to SSH keys.
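A check to run after editing sshd_config, covering both this step and the earlier "Disable Username/Password Logins" section; it is an added example, not part of either tutorial. The helper names are assumptions, and it goes slightly beyond the text by modelling sshd's rule that the first value read for a keyword wins.

```shell
#!/bin/sh
# effective_password_auth FILE   (hypothetical helper, added example)
# Prints the global PasswordAuthentication value sshd would take from FILE.
# Rules modelled: keywords are case-insensitive, the FIRST value read for a
# keyword wins, and a missing keyword means the default, "yes". Parsing
# stops at the first Match block; Include files are not followed.
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, "") }                 # strip leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # accept "Keyword=value" too
            n = split(line, f, /[ \t]+/)
            kw = tolower(f[1])
            if (kw == "match") exit            # global section ends here
            if (kw == "passwordauthentication" && n >= 2) {
                val = f[2]; found = 1; exit
            }
        }
        END { print (found ? val : "yes") }
    ' "$1"
}

# Succeeds only when password logins are globally disabled in FILE.
password_logins_disabled() {
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: "no" was appended below an existing "yes", so the edit
# has no effect because sshd keeps the first value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
if password_logins_disabled "$sample"; then
    echo "password logins disabled"
else
    echo "password logins still enabled: $(effective_password_auth "$sample")"
fi
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, including any Include files, and is the authoritative check.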