How to add public SSH keys for users in Cockpit

Adding public SSH keys with Cockpit can easily be handled by a Cockpit admin.

Red Hat Enterprise Linux 8 and CentOS 8 both include the powerful admin tool Cockpit. With this tool, you can manage many aspects of the server. One such aspect is the addition of public SSH keys for users. By adding these keys, users are then able to make use of key authentication with their SSH logins to the server. Yes, you could do this from each client machine, using the ssh-copy-id command, but as an administrator, you don’t want to have to walk around the company and sit at each desktop to send those keys to the server.

Instead, you can simply add those keys from the Cockpit web-based interface. This means you must have copies of your users’ public keys, which you might already have. Depending on your security policy, you might even allow users to log into Cockpit (more on this in a bit). 

But for those users who require logging in to that server via SSH, adding secure key authentication should be a priority. So let’s find out how to add those public keys via Cockpit.

How to locate the public key

For those who have yet to acquire copies, let me first show you how to locate those public keys. I’ll be demonstrating from Pop!_OS Linux, so if you’re using either a Windows or macOS machine, you’ll have to locate the necessary files based on your platform of choice. To copy the SSH public key for a user, open a terminal window and issue the command:

less /home/USERNAME/.ssh/id_rsa.pub

Where USERNAME is the name of the user in question. That command should display the user’s public SSH key (Figure A).

Figure A: A public key to be copied.

Copy that key for later pasting into Cockpit.

For macOS users, the location of the public key is:

/Users/USERNAME/.ssh/id_rsa.pub

Where USERNAME is the name of the user.

For Windows users, the location will vary depending on what application you used to install SSH and which version of the operating system you are using. A good place to start looking is:

C:\Users\USERNAME\.ssh

Where USERNAME is the name of the user.
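
Before a collected key is pasted into Cockpit, it helps to confirm that the text is a complete public key (not a private key or a truncated paste) and to note its fingerprint so the user can confirm it is theirs. The following Python check is an added example, not part of the original article; the function names and the sample key are constructed for illustration, and it assumes plain (non-certificate) OpenSSH key lines.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(line):
    """Validate one OpenSSH public key line; return (type, fingerprint, comment)."""
    line = line.strip()
    if "PRIVATE KEY" in line:
        raise ValueError("private key material; only the .pub file belongs in Cockpit")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64 (truncated paste?)") from exc
    embedded, offset = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != key_type:
        raise ValueError("declared key type does not match the key data")
    # Assumption: plain (non-certificate) keys, whose blobs are all SSH strings.
    while offset < len(blob):
        _, offset = _read_string(blob, offset)
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, fingerprint, comment

def make_sample_key():
    """Constructed ssh-ed25519 line built from fixed bytes; not a real user's key."""
    name, raw = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " alice@workstation"

if __name__ == "__main__":
    print(check_public_key(make_sample_key()))
```

The fingerprint uses the same SHA256 format that `ssh-keygen -l -f` prints for a key file, so the user can run that command on their own machine and compare the two values.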

How to add the key to Cockpit

As I said earlier, users can copy their own keys into the Cockpit user account. There are two caveats to this. The first is obvious: you probably don’t want users having access to such a powerful tool. The second is not so obvious. If you have SSH session recording enabled (See: How to enable SSH session recording in CentOS 8), the only user able to log in to Cockpit is the root user. This is by design, as you don’t want those users to be able to log in and reconfigure session recording such that it doesn’t record their activity.

So to add an SSH key to Cockpit, follow these steps:

  1. Log in to Cockpit.
  2. Click Accounts in the left navigation.
  3. Click on the account you want to modify.
  4. Click the + button associated with Authorized Public SSH Keys (Figure B).
  5. In the resulting window (Figure C) paste the key and click Add Key.

Figure B: Adding the key to Cockpit.

Figure C: Pasting the SSH key into the proper location.

And that’s it. The next time the user in question attempts to log in to the server hosting Cockpit, they’ll be asked for their SSH key passphrase and not their user password. You can add keys for any user who needs to access the server. Once you’ve added all the keys necessary, consider disabling password authentication for SSH so only those users with SSH public keys added will be able to log in via SSH.
