Configuring SSH Public Key Authentication on CentOS 6.4

Having to use password authentication each time you wish to access your server can be a serious pain. Not only does it require extra keystrokes, it is also less secure and far more susceptible to successful brute-force attacks.

Enter public-key authentication, where you instead use asymmetric cryptography. The first thing to do is generate a key-pair on your client machine. You can optionally provide a passphrase to unlock the private key if you so wish.

$ ssh-keygen -q -t rsa -C "your@email.com"

We now need to add the client’s public key to the list of authorised keys for the server’s specified user.

$ cat ~/.ssh/id_rsa.pub | ssh user@hostname "cat >> ~/.ssh/authorized_keys"

Once this has been successfully copied across, we just need to enable the daemon to use the new form of authentication. This will be the last time you will have to authenticate via password.

$ ssh user@hostname
$ sudo sed -i "s/^\#RSAAuthentication.*$/RSAAuthentication yes/g" /etc/ssh/sshd_config
$ sudo sed -i "s/^\#PubkeyAuthentication.*$/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
$ sudo /etc/init.d/sshd restart