Create a (secure) SSH user on CentOS 7
In this blog post, I will focus on setting up SSH keys on a CentOS 7 installation. SSH keys provide a straightforward, secure way of logging into your server and are the recommended authentication method.
Create a new user
Log in to your CentOS 7 server with a root account.
ssh root@server_ip_address
Use the adduser command to add a new user to your CentOS 7 server.
adduser username
Create RSA Key-Pair
The next step is to create a key pair on the client machine that is going to use the account:
ssh-keygen -b 4096
-b 4096 is used to create a more secure (longer) key pair.
$ ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):
If you leave the file path blank, the key pair is saved to ~/.ssh/
You now have a public and private key that you can use to set up SSH authentication with the CentOS 7 server.
Copy the Public Key to the CentOS 7 Server
Client Machine
To display the content of your id_rsa.pub key, type this into the client machine where you performed the commands from the previous chapter:
cat ~/.ssh/id_rsa.pub
The path in the above command can differ if you specified another location in the previous chapter.
CentOS 7 server
Impersonate the newly created user so the files we will create will have the right permissions:
sudo su username
Now we need to add the public key to the authorized_keys file. This file must be placed in the ~/.ssh directory.
Let's create it in case it doesn't exist:
mkdir -p ~/.ssh
Now you need to create or modify the authorized_keys file within this directory. Add the public key to the end of the authorized_keys file with the following command:
echo 'content of id_rsa.pub' >> ~/.ssh/authorized_keys
The above command appends: it creates the file if it does not exist, or adds the public key after any data already in the file.
Set permissions on the .ssh folder and authorized_keys file:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
~ will automatically resolve to the logged-in user's home directory.
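The server-side steps above (create ~/.ssh, append the key, set permissions) combined into one rerunnable script. This is an added example, not part of the original post; the function names install_pubkey and perms_ok are made up for illustration, and it goes slightly further than the post by rejecting input that is not a public key line and by skipping keys that are already present.

```shell
#!/bin/sh
# Added example: idempotent server-side key install. Run as the target user.
# install_pubkey and perms_ok are hypothetical helper names, not from the post.

# install_pubkey HOME_DIR 'PUBLIC KEY LINE'
install_pubkey() {
    home_dir=$1
    key=$2
    # Accept only a single line that starts with a public key type, so a
    # pasted private key or a multi-line blob never lands in authorized_keys.
    case $key in
        *'
'*) echo "refusing multi-line input" >&2; return 1 ;;
        'ssh-rsa '*|'ssh-ed25519 '*|'ecdsa-sha2-'*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    auth="$home_dir/.ssh/authorized_keys"
    mkdir -p "$home_dir/.ssh" || return 1
    chmod 700 "$home_dir/.ssh" || return 1
    # Append only when the exact line is absent, so reruns add no duplicates.
    if ! grep -qxF -- "$key" "$auth" 2>/dev/null; then
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
    chmod 600 "$auth"
}

# perms_ok HOME_DIR: succeeds only if the modes match the chmod 700/600 step.
perms_ok() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}
```

Call it as install_pubkey "$HOME" 'content of id_rsa.pub' while logged in as the new user, then perms_ok "$HOME" to confirm the modes.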
Sudo (optional)
Use the usermod command to add the new user account to the wheel group for sudo access.
usermod -aG wheel username