
This article covers how to enable SSH passwordless login using ssh-keygen and ssh-copy-id. SSH (Secure Shell) can also be used to transfer files from one computer to another over the network using the secure copy (SCP) protocol.

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host's public key to the remote-host's authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host's home, ~/.ssh, and ~/.ssh/authorized_keys.



This article covers how to create a new SSH key pair and set up SSH key-based authentication. You can set up the same key on multiple remote hosts on a CentOS system. You will also learn how to disable SSH password authentication.

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a CentOS server, chances are, you will spend most of your time in a terminal session connected to your server through SSH.

SSH keys are typically configured in an authorized_keys file in the .ssh subdirectory of the user's home directory. Typically a system administrator would first create a key using ssh-keygen and then install it as an authorized key on a server using the ssh-copy-id tool.

The public key should be stored in the ~/.ssh/authorized_keys file on the server.


To Create the RSA Key Pair:

1. Execute the command below to create a key pair on the client machine (usually your computer):

$ ssh-keygen

2. Press ENTER to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.


Best Practices to improve SSH Key Security:

  • Discover all SSH Keys and Bring Under Active Management.
  • Ensure SSH Keys Are Associated With a Single Individual.
  • Enforce Minimal Levels of User Rights Through PoLP.
  • Stay Attentive to SSH Key Rotation.
  • Eliminate Hardcoded SSH Keys.
  • Audit All Privileged Session Activity.



This article covers how to create a new SSH key pair and set up SSH key-based authentication. You can set up the same key on multiple remote hosts. You will also learn how to disable SSH password authentication. SSH stands for Secure Shell and is a method for establishing remote connections between computers. SSH is usually used to log in to and manage a remote server.

SSH key pairs can be used to authenticate a client to a server. The client creates a key pair and then uploads the public key to any remote server it wishes to access. The public key is placed in a file called authorized_keys within the ~/.ssh directory in the user account's home directory on the remote server.


To Disable Password Authentication:

Disabling password authentication is a security precaution. It prevents brute-force password-guessing attacks against logins to the server.

1. Start by logging into the remote server:

$ ssh user@hostname

2. Next, edit the sshd_config file in a text editor of your choice (we are using nano):

$ sudo nano /etc/ssh/sshd_config

3. Find and modify the following lines to look as follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

4. Write the changes, then exit the editor. Restart the SSH service by entering the following:

$ sudo systemctl restart ssh



This article covers how to set up SSH key-based authentication as well as how to connect to your Linux server without entering a password.
To set up a passwordless SSH login in Linux, all you need to do is generate a public authentication key and append it to the remote host's ~/.ssh/authorized_keys file.

To Disable SSH Password Authentication
To add an extra layer of security to your server, you can disable password authentication for SSH.
Before disabling SSH password authentication, make sure you can log in to your server without a password and that the user you are logging in with has sudo privileges.
The following steps describe how to configure sudo access:
1. Log into your remote server with SSH keys, either as a user with sudo privileges or root:

# ssh sudo_user@server_ip_address

2. Open the SSH configuration file /etc/ssh/sshd_config, search for the following directives and modify them as follows:

/etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

3. Once you are done, save the file and restart the SSH service.
On Ubuntu or Debian servers, run the following command:

# sudo systemctl restart ssh

On CentOS or Fedora servers, run the following command:

# sudo systemctl restart sshd
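
A check for the edit described in the steps above, added here as an example and not taken from the original article: it reports the value sshd would actually use for each of the three directives in a given file. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so a "no" placed below an older "yes" has no effect.
# Limits: Include files are not followed; parsing stops at the first Match block.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { gsub(/[="]/, " ") }                    # tolerate Keyword=value and quotes
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

check_hardened() {    # usage: check_hardened FILE; returns the number of failing directives
    bad=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL $kw = ${val:-<not set>}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample files (not real server configurations).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak" <<'EOF'
# an older line above the edit wins
passwordauthentication yes
PasswordAuthentication no
#ChallengeResponseAuthentication no
UsePAM no
EOF
cat > "$tmp/good" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
EOF

for f in weak good; do
    if check_hardened "$tmp/$f"; then echo "$f: OK"; else echo "$f: not hardened"; fi
done
```

On the server itself, `sudo sshd -t` checks the syntax of the edited file and `sudo sshd -T` prints the effective settings. Run them before restarting the service, and keep the current session open until a new key-based login succeeds.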




We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com