...
Both commands will automatically remove users from all added groups.
Allow Password Authentication
As the root user, run
sudo vi /etc/ssh/sshd_config
.Tap the
i
orinsert
key on your keyboard and edit the lines:PasswordAuthentication no
toPasswordAuthentication yes
Save and exit the vi file by typing
Esc
,:
,w
,q
, andEnter
.Restart the service:
sudo systemctl restart sshd
SSH Key (CentOS 7, CentOS 8, & Ubuntu)
Open a terminal window.
Create a key pair.
Code Block ssh-keygen
The following prompt will appear, click Enter to save in the home directory.
If you previously generated a SSH key pair, it may ask you to overwrite it. Be careful when selecting yes. You will not be able to authenticate the previous key and it cannot be reversed.
Enter a passphrase as desired. Then press Enter.
Copy your public key, specifying which user account you have SSH password access to and the IP address.
Code Block ssh-copy-id newuser@ipaddress
If the following prompt appears, type Yes. This prompt is a result of connecting to the host for the first time.
Enter the user’s password when prompted.
Skip to Step 5 if successful.
If prompted an error, please see the note at the bottom of the pagedouble check that was completed.
If you are not able to use
ssh-copy-id
, an alternative is the following command. Remember to replacenewuser
andipaddress
.Code Block cat ~/.ssh/id_rsa.pub | ssh newuser@ipaddress "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
Similarly, if the following prompt appears, type Yes. This prompt is a result of connecting to the host for the first time.
Enter the user’s password when prompted.
If prompted an error, please see the note at the bottom of the page.
Exit and reopen the terminal.
Connect to the server with the following, where
newuser
should be replaced with the appropriate user andipaddress
with the IP address of the remote host.Code Block ssh newuser@ipaddress
Once key-based logins are working, you can decide to disable username and password logins for better security.
Edit server’s configuration file.
Code Block sudo vi /etc/ssh/sshd_config
Tap the
i
orinsert
key on your keyboard and edit the lines, referenced below:Code Block [...] PasswordAuthentication no [...] UsePAM no [...]
To save, press
esc
,:
,w
,q
,Enter
.Reload the server’s configuration.
Code Block sudo systemctl restart sshd.service
...
If SSH Key’s Step 3 or 4 prompts an error “Permission denied (public key…)”, please do the following:
Run:
sudo vi /etc/ssh/sshd_config
Tap the
i
orinsert
key on your keyboard and edit the lines:PasswordAuthentication no
toPasswordAuthentication yes
Save and exit the vi file by typing
Esc
,:
,w
,q
, andEnter
.Restart the service:
sudo systemctl restart sshd
...