Skip to Content

Switching authentication methods in SSHD

636  Nesvin KN September 21, 2023  General

How to enable or disable authentication methods in the SSH Daemon on a Linux server?

Password authentication and key-based authentication are two common methods used to access Linux systems securely. Key-based authentication is generally considered more secure than password authentication because it relies on strong cryptography, eliminates the risk of weak passwords, and provides an additional layer of protection through passphrase encryption.

ssh client to server, password auth, key auth

Important commands to take backup and check configuration files before restarting the service:

1. Install perl on the server.

username@server ~]# apt install perl -y            #Ubuntu

username@server ~]# yum install perl -y            #CentOS

2. Take a backup of the configuration file before making any changes.

username@server ~]# cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

3. Use the diff command to compare the backup file and the original file to view the changes.

username@server ~]# diff /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

< PasswordAuthentication yes

---
> PasswordAuthentication no

4. Run the sshd -t command to verify that sshd is configured correctly.

username@server ~]# sshd -t

Enable or disable password or public key authentication in SSH Daemon?

1. How to enable public key authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]ubkey[aA]uthentication\s+(yes|no)/PubkeyAuthentication yes/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"

PubkeyAuthentication yes

username@server ~]# systemctl restart sshd

2. How to disable public key authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]ubkey[aA]uthentication\s+(yes|no)/PubkeyAuthentication no/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"

PubkeyAuthentication no

username@server ~]# systemctl restart sshd

3. How to enable password authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]assword[aA]uthentication\s+(yes|no)/PasswordAuthentication yes/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PasswordAuthentication"

PasswordAuthentication yes

username@server ~]# systemctl restart sshd

4. How to disable password authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]assword[aA]uthentication\s+(yes|no)/PasswordAuthentication no/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PasswordAuthentication"

PasswordAuthentication no

username@server ~]# systemctl restart sshd

Run the above commands in the parallel shell of Ezeelogin to change the authentication methods across different server groups or all servers added to Ezeelogin.

Refer to the detailed article on parallel shell.
Not Rated