[CentOS] Securing SSH

Tue Mar 25 17:46:43 UTC 2008
Ingemar Nilsson <init at kth.se>

Tim Alberts wrote:

> I got keys setup so I know 
> I'm talking to my server.

This is probably not what he meant. You can use a key pair to 
authenticate with the SSH server and turn off password authentication 
entirely. That makes password guessing attacks utterly impossible, 
because the server will only accept a response signed with your private key.

ssh-keygen -t rsa


ssh-keygen -t dsa

generates a key pair. Do this on your local machine, and append the 
contents of your $HOME/.ssh/id_rsa.pub (or id_dsa if you chose DSA 
instead of RSA) to your $HOME/.ssh/authorized_keys file on the remote 

This method is somewhat more complicated to setup, since all users must 
have public keys in their $HOME/.ssh/authorized_keys file, or they can't