How to implement more secure SSH login on CentOS server using key authentication

How to use key authentication to achieve more secure SSH login on CentOS server

In server management, ensuring system security is crucial. SSH (Secure Shell) is an encrypted network protocol used for remote login to Linux and UNIX servers. To further strengthen the security of the server, we can use key authentication instead of password login. This article will introduce how to implement a more secure SSH login on a CentOS server and provide corresponding code examples.

Step 1: Generate a key pair

First, generate a key pair on the local machine. Open a terminal window and enter the following command:

ssh-keygen -t rsa

This command will use the RSA algorithm to generate a key pair. Press Enter to confirm the key saving path and file name. You will then be asked to enter the password for your key. You can choose to set a password or leave it blank and press Enter to continue generating the key.

After successful generation, you will find two files under the specified path: id_rsa (private key) and id_rsa.pub (public key).

Step 2: Copy the public key to the server

Next, copy the public key to the CentOS server. Copy the public key to the server using the following command:

ssh-copy-id user@server_ip_address

Replace "user" with your username on the CentOS server and "server_ip_address" with the server's IP address. You will be asked to enter your password to authenticate.

After successfully copying the public key, you will get the following output:

Number of key(s) added: 1

Step 3: Configure SSH service

On the server, open the SSH configuration file to set it up. Open the file with the following command:

sudo vi /etc/ssh/sshd_config

Locate and ensure that the following lines are uncommented and set the values ​​as follows:

PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no

Uncommenting means allow public key authentication, disable password authentication, and prohibit Log in directly as root user. After making changes, save and close the file.

Next, restart the SSH service to apply the changes:

sudo systemctl restart sshd

Step 4: Test SSH login

Now, you have completed the configuration. You can test whether the SSH login is successful using the following command:

ssh user@server_ip_address

Replace "user" with your username and "server_ip_address" with the server's IP address. The system will attempt to authenticate using your private key.

If everything is set up correctly, you will successfully log in to your CentOS server without entering a password.

Extra Tip:

• To further enhance server security, you can use Passphrase to protect the private key. In this way, even if the private key is stolen, the authentication cannot be passed.
• Make sure the permissions of the private key file are set to 600, that is, only the owner can read and write.
• Use different key pairs to authenticate multiple users.
• Replace the key pair regularly to increase security.

Summary:

Using key authentication can greatly improve the security of the server and prevent malicious logins and password brute force cracking. This article describes how to implement a more secure SSH login on a CentOS server and provides corresponding code examples. By following these steps, you can easily set up key authentication for your server and keep your system secure.

The above is the detailed content of How to implement more secure SSH login on CentOS server using key authentication. For more information, please follow other related articles on the PHP Chinese website!