Skip to Content

Switching authentication methods in SSHD

How to enable or disable authentication methods in the SSH Daemon on a Linux server?


Overview: This article describes how to enable or disable password and public key authentication methods in the SSH Daemon on a Linux server, including steps to safely back up and modify the SSH configuration using commands.


Password authentication and key-based authentication are two common methods used to access Linux systems securely. Key-based authentication is generally considered more secure than password authentication because it relies on strong cryptography, eliminates the risk of weak passwords, and provides an additional layer of protection through passphrase encryption.

Important commands to take backup and check configuration files before restarting the service:

1. Install perl on the server.

username@server ~]# apt install perl -y            #Ubuntu

username@server ~]# yum install perl -y            #CentOS

2. Take a backup of the configuration file before making any changes.

username@server ~]# cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

3. Use the diff command to compare the backup file and the original file to view the changes.

username@server ~]# diff /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

< PasswordAuthentication yes

---
> PasswordAuthentication no

4. Run the sshd -t command to verify that sshd is configured correctly.

username@server ~]# sshd -t

Enable or disable password or public key authentication in SSH Daemon?

1. How to enable public key authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]ubkey[aA]uthentication\s+(yes|no)/PubkeyAuthentication yes/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"

PubkeyAuthentication yes

username@server ~]# systemctl restart sshd

2. How to disable public key authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]ubkey[aA]uthentication\s+(yes|no)/PubkeyAuthentication no/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PubkeyAuthentication"

PubkeyAuthentication no

username@server ~]# systemctl restart sshd

3. How to enable password authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]assword[aA]uthentication\s+(yes|no)/PasswordAuthentication yes/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PasswordAuthentication"

PasswordAuthentication yes

username@server ~]# systemctl restart sshd

4. How to disable password authentication in SSH Daemon?

username@server ~]# perl -p -i -e "s/[\s#]*[pP]assword[aA]uthentication\s+(yes|no)/PasswordAuthentication no/" /etc/ssh/sshd_config

username@server ~]# cat /etc/ssh/sshd_config | grep -i "PasswordAuthentication"

PasswordAuthentication no

username@server ~]# systemctl restart sshd

Run the above commands in the parallel shell of Ezeelogin to change the authentication methods across different server groups or all servers added to Ezeelogin.

Refer to the detailed article onparallel shell.


Related Articles:

Run sshd on different ports.

Configurations to be enabled in sshd config.