Switching authentication methods in SSHD
How to enable or disable authentication methods in the SSH Daemon on a Linux server?
Overview: This article describes how to enable or disable password and public key authentication methods in the SSH Daemon on a Linux server, including steps to safely back up and modify the SSH configuration using commands.
Password authentication and key-based authentication are two common methods used to access Linux systems securely. Key-based authentication is generally considered more secure than password authentication because it relies on strong cryptography, eliminates the risk of weak passwords, and provides an additional layer of protection through passphrase encryption.
Important commands to take backup and check configuration files before restarting the service:
1. Install perl on the server.
username@server ~]# apt install perl -y #Ubuntu
username@server ~]# yum install perl -y #CentOS
2. Take a backup of the configuration file before making any changes.
username@server ~]# cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
3. Use the diff command to compare the backup file and the original file to view the changes.
username@server ~]# diff /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
< PasswordAuthentication yes
---
> PasswordAuthentication no
4. Run the sshd -t command to verify that sshd is configured correctly.
username@server ~]# sshd -t
Enable or disable password or public key authentication in SSH Daemon?
1. How to enable public key authentication in SSH Daemon?
username@server ~]# perl -p -i -e "s/[\s#]*[pP]ubkey[aA]uthentication\s+(yes|no)/PubkeyAuthentication yes/" /etc/ssh/sshd_config
username@server ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"
PubkeyAuthentication yes
username@server ~]# systemctl restart sshd
2. How to disable public key authentication in SSH Daemon?
username@server ~]# perl -p -i -e "s/[\s#]*[pP]ubkey[aA]uthentication\s+(yes|no)/PubkeyAuthentication no/" /etc/ssh/sshd_config
username@server ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"
PubkeyAuthentication no
username@server ~]# systemctl restart sshd
3. How to enable password authentication in SSH Daemon?
username@server ~]# perl -p -i -e "s/[\s#]*[pP]assword[aA]uthentication\s+(yes|no)/PasswordAuthentication yes/" /etc/ssh/sshd_config
username@server ~]# cat /etc/ssh/sshd_config | grep -i "PasswordAuthentication"
PasswordAuthentication yes
username@server ~]# systemctl restart sshd
4. How to disable password authentication in SSH Daemon?
username@server ~]# perl -p -i -e "s/[\s#]*[pP]assword[aA]uthentication\s+(yes|no)/PasswordAuthentication no/" /etc/ssh/sshd_config
username@server ~]# cat /etc/ssh/sshd_config | grep -i "PasswordAuthentication"
PasswordAuthentication no
username@server ~]# systemctl restart sshd
Run the above commands in the parallel shell of Ezeelogin to change the authentication methods across different server groups or all servers added to Ezeelogin.
Refer to the detailed article onparallel shell.
Related Articles: