×

This article covers how to create a new SSH key pair and set up an SSH key-based authentication. You can set up same key to multiple remote hosts on CentOS system. Also, you will learn how to disable SSH password authentication.

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a CentOS server, chances are, you will spend most of your time in a terminal session connected to your server through SSH.

SSH keys are typically configured in an authorized_keys file in . ssh subdirectory in the user's home directory. Typically a system administrator would first create a key using ssh-keygen and then install it as an authorized key on a server using the ssh-copy-id tool.

The public key should be stored in the ~/. ssh/authorized_keys file on the server.


To Create the RSA Key Pair:

1. Execute the command below to create a key pair on the client machine (usually your computer):

$ ssh-keygen

2. Press ENTER to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.


Best Practices to improve SSH Key Security:

  • Discover all SSH Keys and Bring Under Active Management.
  • Ensure SSH Keys Are Associated With a Single Individual.
  • Enforce Minimal Levels of User Rights Through PoLP.
  • Stay Attentive to SSH Key Rotation.
  • Eliminate Hardcoded SSH Keys.
  • Audit All Privileged Session Activity.



This article covers how to create a new SSH key pair and set up an SSH key-based authentication. You can set up same key to multiple remote hosts. Also, you will learn how to disable SSH password authentication. SSH stands for Secure Shell and works as a method to establish remote connections between computers. SSH is usually used to log in and manage a remote server.

SSH key pairs can be used to authenticate a client to a server. The client creates a key pair and then uploads the public key to any remote server it wishes to access. This is placed in a file called authorized_keys within the ~/. ssh directory in the user account's home directory on the remote server.


To Disable Password Authentication:

Disabling password authentication is a security precaution. It prevents brute-force attacks against attempting to log in to the server.

1. Start by logging into the remote server:

$ ssh user@hostname

2. Next, edit the sshd_config file in a text editor of your choice (we are using nano):

$ sudo nano /etc/ssh/sshd_config

3. Find and modify the following lines to look as follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

4. Write the changes, then exit the editor. Restart the SSH service by entering the following:

$ sudo systemctl restart ssh



In this article, you will learn how to disable password authentication for SSH including the root user. This will enable the server to only accept key based login and the root user can not login with password.




More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com