Skip to content

Create PEM file for your Linux server

Objective: To disable password based logins and login only using key based authentication. Will create a pem file which will be used to access the server. OS used is CentOS 7 64bit.

Note: Change the trb name to your own key name.

1- Cd to the dir for which server/domain you want to create the keys, remember it’s on your local machine:

cd /backup/

2- Create the keys, this will create public and private keys. Enter the name(trb in my case) when asked. I skipped the passphrase.

ssh-keygen -t rsa -b 2048

3- Let’s keep the private key as it is and create a new pem file from it:

openssl rsa -in trb -outform pem > trb.pem

Now copy the public key to your remote server by(change the ip to your server ip):

ssh-copy-id -i root@

4- Change the permissions of pem file:

chmod 400 trb.pem

5- Now login to the server with the pem file:

ssh -i trb.pem root@

Keep this terminal tab open. In case something goes wrong, to revert back to older edits.

If you were able to login to your server, that means all good so far. Now let’s disable the password based logins.

6- Disable PasswordAuthentication in sshd_config:

vim /etc/ssh/sshd_config

Change PasswordAuthentication yes to PasswordAuthentication no . It will be most likely line number 79 in sshd_config file.

systemctl restart sshd

Now open new terminal/konsole tab and try to login with password as you were doing it before. If you get the following error then it means you successfully disabled the password based logins.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I assume that the tab which you used for the key based login is still open and you are inside the server. Now try again with the key in a new tab, all good?, well that’s it then. If not try to rollback to the password based login and follow the steps again. Hope you will make it this time. 🙂

Published inLinuxWeb Server

Leave a Reply

4 Comment threads
0 Thread replies
Most reacted comment
Hottest comment thread
4 Comment authors
johnwesleyNewmanMonishDigvijay Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of

Nice and To the point article


Very nice. I searched a lot of blog but now I am at the right place


Finally, someone who knows how to explain this.


good post with clarity in picturing correctly the terms ‘remote’, ‘server’, ‘client’ and ‘local’ machines. Thankyou

Theme by Compete Themes. Enhanced for The Random Bits only. © The Random Bits 2018.