Create PEM file for your Linux server
- January 25, 2016
- M M Arif
Objective: To disable password-based logins and allow logins only with key-based authentication. We will create a pem file which will be used to access the server. The OS used is CentOS 7 64-bit.
Note: Change the trb name to your own key name.
1- Cd to the directory of the server/domain for which you want to create the keys. Remember, this is on your local machine.
2- Create the keys; this will create a public and a private key. Enter the name (trb in my case) when asked. I skipped the passphrase.
ssh-keygen -t rsa -b 2048
3- Let’s keep the private key as it is and create a new pem file from it:
openssl rsa -in trb -outform pem > trb.pem
Now copy the public key to your remote server (change the IP to your server's IP):
ssh-copy-id -i trb.pub email@example.com
4- Change the permissions of the pem file:
chmod 400 trb.pem
5- Now log in to the server with the pem file:
ssh -i trb.pem firstname.lastname@example.org
Keep this terminal tab open, so that you can revert your edits in case something goes wrong.
If you were able to log in to your server, all is good so far. Now let's disable password-based logins.
6- Disable PasswordAuthentication in sshd_config:
Change PasswordAuthentication yes to PasswordAuthentication no. It will most likely be line number 79 in the sshd_config file. Then restart sshd:
systemctl restart sshd
Now open a new terminal/konsole tab and try to log in with the password as you did before. If you get the following error, you have successfully disabled password-based logins.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
I assume that the tab which you used for the key-based login is still open and you are inside the server. Now try again with the key in a new tab. All good? Well, that's it then. If not, try to roll back to the password-based login and follow the steps again. Hope you will make it this time. 🙂
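A check for step 6, as an added example that is not part of the original post: sshd uses the first value it reads for a keyword, and a Match block can turn password logins back on, so editing one line does not always take effect. The function names and sample config files are constructed for illustration, and the script assumes a single config file with no Include directives.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only to matching logins.

# Print the global PasswordAuthentication value sshd would use ("yes"/"no").
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }              # global section ends here
        key == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }      # OpenSSH default when unset
    ' "$1"
}

# Print every "Match ..." line whose block turns password logins back on.
match_enables_password() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { key = tolower($1) }
        key == "match" { block = $0; next }
        block != "" && key == "passwordauthentication" && tolower($2) == "yes" { print block }
    ' "$1"
}

# Return 0 only if password logins are off globally and in every Match block.
check_sshd_config() {
    global=$(effective_password_auth "$1")
    overrides=$(match_enables_password "$1")
    [ "$global" = "no" ] && [ -z "$overrides" ] && { echo "OK: passwords disabled"; return 0; }
    echo "WARN: global PasswordAuthentication is $global"
    [ -z "$overrides" ] || echo "WARN: re-enabled under: $overrides"
    return 1
}

# Constructed sample files (hypothetical, not from a real server).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# shadowed: "no" was added below an existing "yes", so "yes" still wins.
printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/shadowed.conf"
# match: global "no", but one user gets passwords back in a Match block.
printf '%s\n' 'PasswordAuthentication no' 'Match User backup' \
    '    PasswordAuthentication yes' > "$tmp/match.conf"
# good: the result the steps above aim for.
printf '%s\n' 'PubkeyAuthentication yes' 'passwordauthentication no' > "$tmp/good.conf"
for f in shadowed match good; do
    printf '%s: ' "$f"; check_sshd_config "$tmp/$f.conf" || true
done
```

On the server, point check_sshd_config at /etc/ssh/sshd_config before running systemctl restart sshd; sshd -t additionally validates the file's syntax.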