SSH rays volume light concept 3d illustration
Image: profit_image/Adobe Stock

Cockpit is an outstanding web-based GUI for managing your Linux servers. Most RHEL-based servers ship with Cockpit installed and make it easy to do things like manage services, storage, networking, containers, updates, user accounts, logs, SELinux and more.

Another less obvious feature found in Cockpit is the ability to manage SSH keys for remote SSH key authentication. Imagine this: You log into Cockpit on your AlmaLinux server, and you want to then use SSH to log in to yet another server with the built-in terminal feature. What do you do?

If you want to work with SSH key authentication because it’s more secure, you’ll want to make sure the remote server has the public key of the Cockpit server added. You can do this all from the command line, but there’s an easier way – especially if you use multiple SSH keys – built right into Cockpit.

Let me show you how this works.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

What you’ll need

To make this work, you’ll need one server with Cockpit up and running and at least one other server to accept SSH logins. I’ll show you how to add SSH keys from a nonstandard directory and add multiple keys for different purposes. You’ll also need a user with sudo privileges on the Cockpit host.

How to enable the Cockpit service

On the off-chance you’ve yet to enable Cockpit, here’s how. Log into the server hosting Cockpit  and issue the command:

sudo systemctl enable --now cockpit.socket

Once Cockpit is enabled, you can log into the web-based interface by pointing a browser to https://SERVER:9090 (where SERVER is the hosting server) and logging in as a user with sudo privileges.

How to add an SSH key

One of the things Cockpit cannot do is generate your server’s SSH key. If you haven’t already done that, let’s take care of it now. I’m going to show you how to not only add an SSH key from the default ~/.ssh directory but create an SSH key and save it to a non-standard directory to make it easier to manage your keys.

Log into your Cockpit host via SSH. Create a new directory with the command:

sudo mkdir /data

Next, change the ownership of that directory to your user with:

sudo chown -R $USER.$USER /data

You can name data whatever you like; I just chose that by default.

Generate a new SSH key with the command:

ssh-keygen

You might also want to add a comment to the new key, so you can keep track of which key it is. Say, for example, you want to generate an SSH key that will be used for your Ubuntu servers. For that, you could issue the command:

ssh-keygen -C "Ubuntu Servers"

When asked to enter the file in which to save the key, type /data/key1_rsa (you can change the name of the key to whatever you need) and hit Enter on your keyboard.

You’ll then be required to type and verify a passphrase for the key. Once you’ve taken care of that, you should have a matching key pair in the /data folder (key1_rsa and key1_rsa.pub). Create as many keys as you need.

How to manage SSH keys with Cockpit

Now that your keys are created, let’s manage them with Cockpit. Remember, these keys will need to be copied to your remote servers for SSH key authentication. Although Cockpit doesn’t have a built-in mechanism to automate this process, it at least gives you a well-designed GUI to add and use the keys you need.

Log into Cockpit as an admin user and then click the Session drop-down in the upper-right corner. From that drop-down, click SSH Keys (Figure A).

Figure A

Image: Jack Wallen/TechRepublic. The Session drop-down in Cockpit.

In the resulting window (Figure B), click Add Key.

Figure B

Image: Jack Wallen/TechRepublic. The Cockpit SSH key manager is very basic but effective.

Click the location drop-down and select /data from the list (Figure C).

Figure C

Image: Jack Wallen/TechRepublic. Selecting the directory housing our new SSH keys.

If you click the location drop-down a second time, the keys housed in that directory will appear (Figure D).

Figure D

Image: Jack Wallen/TechRepublic. Our keys are ready to be added.

Select the key you just created and then click Add. You’ll be prompted for the key passphrase (Figure E).

Figure E

Image: Jack Wallen/TechRepublic. Type the passphrase for your key so it can be added to the Cockpit key manager.

Type the passphrase for the key and click Unlock and the key will then be added.

How to use your SSH keys in Cockpit

Now, we’re going to copy our newly-added SSH key in Cockpit and add it to a remote server. From the Cockpit SSH key manager, expand the entry of the key you want to use and then click the Public Key tab. In that tab (Figure F), click the clipboard icon to copy the key.

Figure F

Image: Jack Wallen/TechRepublic. Copying the public key for SSH key authentication within Cockpit.

Now, click the Terminal entry in the left sidebar and SSH into the server in which you want to copy the key. Once you’ve logged in, issue the command:

nano .ssh/authorized_keys

With that file open, paste the copied key and save and close the file. Exit from the SSH session and then log in again.

With the SSH key in place, you shouldn’t be asked for the remote machine’s password. Because we saved our SSH keys to a non-standard directory, your SSH command would look something like this:

ssh -i /data/key1_rsa 192.168.1.30

And that’s all there is to manage your SSH keys with Cockpit. Remember, you can add as many keys as you need to the system, each of which could be used for a different purpose, and with the help of Cockpit, you shouldn’t have any problem accessing and using those keys.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.