SSH (secure shell) is a protocol for creating an encrypted link between a client and a server. It lets you control a computer remotely. You work with it in the terminal, and in the CentOS 7 operating system it is included by default. Today we will look in detail at the standard setup process, which will be useful to anyone who is going to work with SSH.
Configuring SSH in CentOS 7
The configuration process is individual for each system administrator, but there are some points that are useful for all users. In this article we will cover not only the server side but also the client, and point out on which of the two machines each action is performed.
Install the components and start the server
We have already said that SSH is included by default in CentOS 7, but sometimes the required components are missing from the computer for some reason. In that case you must install them and then activate the server.
sudo yum -y install openssh-server openssh-clients
sudo chkconfig sshd on
sudo service sshd start
netstat -tulpn | grep :22
Once the commands above have completed successfully, you can move on to configuration. Be sure to read the notifications shown on screen while the commands run; they may indicate that an error has occurred. Correcting problems promptly will help avoid further trouble.
Edit the configuration file
Of course, the configuration file is edited at the discretion of the system administrator. However, we want to show how to open it in a text editor and which points deserve attention first.
sudo yum install nano
Upon completion of the installation, open the configuration file with
sudo nano /etc/ssh/sshd_config
After editing, run
sudo service sshd restart
to make the changes effective, then check the service with
service sshd status
Many parameters are changed by editing the configuration file, but the basic process of adding and configuring keys is done with special commands, which we discuss next.
Create RSA key pairs
RSA (an acronym of the names Rivest, Shamir and Adleman) is a cryptographic algorithm that SSH uses to generate a key pair. This protects both the client and the server side when connections are made. Both sides are involved in setting up a key pair.
Once the key pair has been generated, you will have a public and a private key, which will later be used for authentication with the server. However, the public key still needs to be transferred to the server, and password login disabled.
Copy the public key to the server
As mentioned above, copying the key is necessary for future password-less authentication. This can be done in one of three ways, each of which is optimal in certain situations. Let's look at all of them.
The utility ssh-copy-id
Copying the public key with the ssh-copy-id utility is the simplest method. However, it is suitable only when the computer has this tool. You need to enter only one command
ssh-copy-id username@remote_host
where username@remote_host is the name of the user and the host of the remote server.
If you are connecting for the first time, you will see a message like this:
The authenticity of host '18.104.22.168 (22.214.171.124)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)?
This means that the server is not in the list of trusted hosts, and you are asked whether to continue connecting. Select the option
You then only have to enter the password for the account on the server, and the copy procedure using the above-mentioned utility is complete.
Copy the public key over SSH
If the ssh-copy-id utility is absent, we recommend using the standard features of the SSH tool, provided, of course, that you have access to the server account. The key is uploaded over an ordinary connection, namely:
cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
where username@remote_host is the name of the account and the hostname of the remote computer. Note that the >> operator appends the key to the end of the file rather than overwriting it. Therefore, previously added keys are preserved.
sudo service sshd restart, to update the list of keys.
Manually copy the public key
Sometimes it is impossible to use the ssh-copy-id utility and no password is set. Then the copying is carried out manually.
cat ~/.ssh/id_rsa.pub
mkdir -p ~/.ssh
The command will do nothing if the directory already exists.
echo public_key_string >> ~/.ssh/authorized_keys
adds the key to the file, creating the file first if it is missing. Replace "public_key_string" with the key string obtained earlier.
The key copy procedure is now complete. You can now authenticate to the server by typing
ssh username@remote_host
However, you can still connect with the password as well, which reduces the security of the network.
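The manual copy steps above, wrapped into one function to run on the server (an added example, not part of the original article; the function name install_pubkey and its arguments are hypothetical). It also sets the directory and file permissions that sshd expects and skips a key that is already in the file:

```shell
#!/bin/sh
# Added example: safe, repeatable form of the manual copy steps.
# usage: install_pubkey KEY_LINE [HOME_DIR]   (hypothetical helper)
install_pubkey() {
    key_line=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # An embedded newline would smuggle a second line into authorized_keys.
    case $key_line in *"$nl"*) echo "multi-line input" >&2; return 2 ;; esac
    # Accept only a line that starts with a public key type.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac

    # With StrictModes (on by default) sshd ignores keys kept in
    # group- or world-writable locations, so fix the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Compare key type + key body, so a different comment is not a new key.
    # Existing lines that start with options are not matched and stay untouched.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if awk '{print $1 " " $2}' "$auth_file" | grep -qxF -- "$key_id"; then
        echo "already present"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "added"
}
```

Call it as install_pubkey "public_key_string", with the string printed by cat ~/.ssh/id_rsa.pub on the client.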
Disable password authentication
The ability to log in with a password, bypassing the key, makes a remote connection less secure. It is therefore recommended to disable this feature to prevent unauthorized authentication by intruders.
sudo nano /etc/ssh/sshd_config
sudo systemctl restart sshd.service
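A check to run against the edited file before restarting, as an added example that is not part of the original article (the function names are hypothetical helpers). It reads the global section of sshd_config the way sshd does, where the first value given for a keyword wins, and reports whether a password path is still open; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not OpenSSH tools.

# Print the value sshd would use for a global keyword in FILE, or DEFAULT.
effective_sshd_option() {   # usage: effective_sshd_option FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        { sub(/=/, " "); key = tolower($1) } # "Keyword=value" form is also accepted
        key == "match" { exit }              # stop at the first conditional block
        key == want { print tolower($2); found = 1; exit }  # first value wins
        END { if (!found) print def }
    ' "$1"
}

# Exit status: 0 key-only login, 1 password path still open, 2 keys disabled.
check_key_only_login() {
    cfg=$1
    pk=$(effective_sshd_option "$cfg" PubkeyAuthentication yes)
    pw=$(effective_sshd_option "$cfg" PasswordAuthentication yes)
    kbd=$(effective_sshd_option "$cfg" ChallengeResponseAuthentication yes)
    if [ "$pk" != yes ]; then
        echo "LOCKOUT RISK: PubkeyAuthentication $pk"; return 2
    fi
    if [ "$pw" != no ] || [ "$kbd" != no ]; then
        echo "WEAK: PasswordAuthentication $pw, ChallengeResponseAuthentication $kbd"
        return 1
    fi
    echo "OK: key-only login"
}

# Constructed sample: "no" was appended below an earlier "yes", so "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
check_key_only_login "$sample" || true   # prints the WEAK line
rm -f "$sample"
```

On the server, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective configuration; keep the current session open until a new key-based login has succeeded.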
This brings to an end the article in which you were introduced to the main configuration points of the SSH protocol. We strongly recommend that you examine the output shown after running the commands, as it sometimes contains errors. Look for their solutions in the official documentation of the tool or of the CentOS distribution.