OpenSSH is a free version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computer systems. Traditional tools such as telnet are insecure and transmit the user’s password in cleartext. SSH is a secure remote control protocol, and it can authenticate users with password authentication or public key based authentication.
OpenSSH with Password Authentication
OpenSSH is installed by default on CentOS 8, and password authentication is enabled by default as well. Root login is also allowed; it is recommended that you disable remote SSH login for the root user and allow a standard user account instead.
1. Edit the SSH configuration file.
2. Disable root user login by changing PermitRootLogin to no and save the configuration file.
4. Allow SSH (TCP port 22) in the firewall and reload. I got a warning because the SSH port was already enabled.
6. Now let’s try to SSH from the client host to the server using the following command. On your first remote session, you will be asked to accept the key exchange; just type Yes to accept it, then enter the password of user itgeek to establish the connection.
3. Let’s try to connect to the server; the SSH connection will be established without requiring the password of user itgeek.
4. Once the remote session can be established using the key pair, we don’t need password authentication anymore. Disabling it adds another layer of security for your production server. Let’s disable password authentication in the /etc/ssh/sshd_config file. Set the following configuration to no
Password-based authentication is now disabled, and you can connect to your server using key-based authentication only.
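To confirm that both changes from this guide actually took effect, the following script (an added example, not part of the original guide) checks a configuration file for the two settings. It assumes the standard PasswordAuthentication keyword is the one being set to no; the helper names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the global section of an
# sshd_config for the two settings this guide changes.

# effective_value FILE KEYWORD
# Prints the value sshd takes for KEYWORD: keywords are case-insensitive, the
# first occurrence wins, and the global section ends at the first Match line.
# Assumption: "Include" files are not followed.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                    # strip comments
        NF == 0 { next }                      # skip blank lines
        tolower($1) == "match" { exit }       # stop at conditional blocks
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: returns 0 only if both settings are "no".
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw ${val:-unset, sshd default applies}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the later "PasswordAuthentication no" is ignored
# because an earlier line already set the keyword to yes.
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
# added at the end of the file by an administrator
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "sample config still allows password logins"
rm -f "$tmp"
```

On the server itself, run `audit_sshd_config /etc/ssh/sshd_config`; `sshd -T` prints the configuration sshd actually resolves and is the authoritative check.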