How to manage SSH keys on Cockpit for remote SSH key authentication
Cockpit is an outstanding web-based GUI for managing your Linux servers. Most RHEL-based servers ship with Cockpit installed and make it easy to do things like manage services, storage, networking, containers, updates, user accounts, logs, SELinux and more.
Another less obvious feature found in Cockpit is the ability to manage SSH keys for remote SSH key authentication. Imagine this: You log into Cockpit on your AlmaLinux server, and you want to then use SSH to log in to yet another server with the built-in terminal feature. What do you do?
If you want to work with SSH key authentication because it’s more secure, you’ll want to make sure the remote server has the public key of the Cockpit server added. You can do this all from the command line, but there’s an easier way – especially if you use multiple SSH keys – built right into Cockpit.
Let me show you how this works.
SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)
What you’ll need
To make this work, you’ll need one server with Cockpit up and running and at least one other server to accept SSH logins. I’ll show you how to add SSH keys from a nonstandard directory and add multiple keys for different purposes. You’ll also need a user with sudo privileges on the Cockpit host.
How to enable the Cockpit service
On the off-chance you’ve yet to enable Cockpit, here’s how. Log into the server hosting Cockpit and issue the command:
sudo systemctl enable --now cockpit.socket
Once Cockpit is enabled, you can log into the web-based interface by pointing a browser to https://SERVER:9090
(where SERVER is the hosting server) and logging in as a user with sudo privileges.
How to add an SSH key
One of the things Cockpit cannot do is generate your server’s SSH key. If you haven’t already done that, let’s take care of it now. I’m going to show you how to not only add an SSH key from the default ~/.ssh directory but create an SSH key and save it to a non-standard directory to make it easier to manage your keys.
Log into your Cockpit host via SSH. Create a new directory with the command:
sudo mkdir /data
Next, change the ownership of that directory to your user with:
sudo chown -R $USER.$USER /data
You can name data
whatever you like; I just chose that by default.
Generate a new SSH key with the command:
ssh-keygen
You might also want to add a comment to the new key, so you can keep track of which key it is. Say, for example, you want to generate an SSH key that will be used for your Ubuntu servers. For that, you could issue the command:
ssh-keygen -C "Ubuntu Servers"
When asked to enter the file in which to save the key, type /data/key1_rsa
(you can change the name of the key to whatever you need) and hit Enter on your keyboard.
You’ll then be required to type and verify a passphrase for the key. Once you’ve taken care of that, you should have a matching key pair in the /data folder (key1_rsa and key1_rsa.pub). Create as many keys as you need.
How to manage SSH keys with Cockpit
Now that your keys are created, let’s manage them with Cockpit. Remember, these keys will need to be copied to your remote servers for SSH key authentication. Although Cockpit doesn’t have a built-in mechanism to automate this process, it at least gives you a well-designed GUI to add and use the keys you need.
Log into Cockpit as an admin user and then click the Session drop-down in the upper-right corner. From that drop-down, click SSH Keys (Figure A).
Figure A
In the resulting window (Figure B), click Add Key.
Figure B
Click the location drop-down and select /data from the list (Figure C).
Figure C
If you click the location drop-down a second time, the keys housed in that directory will appear (Figure D).
Figure D
Select the key you just created and then click Add. You’ll be prompted for the key passphrase (Figure E).
Figure E
Type the passphrase for the key and click Unlock and the key will then be added.
How to use your SSH keys in Cockpit
Now, we’re going to copy our newly-added SSH key in Cockpit and add it to a remote server. From the Cockpit SSH key manager, expand the entry of the key you want to use and then click the Public Key tab. In that tab (Figure F), click the clipboard icon to copy the key.
Figure F
Now, click the Terminal entry in the left sidebar and SSH into the server in which you want to copy the key. Once you’ve logged in, issue the command:
nano .ssh/authorized_keys
With that file open, paste the copied key and save and close the file. Exit from the SSH session and then log in again.
With the SSH key in place, you shouldn’t be asked for the remote machine’s password. Because we saved our SSH keys to a non-standard directory, your SSH command would look something like this:
ssh -i /data/key1_rsa 192.168.1.30
And that’s all there is to manage your SSH keys with Cockpit. Remember, you can add as many keys as you need to the system, each of which could be used for a different purpose, and with the help of Cockpit, you shouldn’t have any problem accessing and using those keys.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.