Security hardening

centos_disable_password_ssh.sh

Built for CentOS and similar OpenSSH hosts that should move from password-based login to key-only access. The script refuses to proceed unless a usable authorized_keys file exists for the target user, then updates sshd_config with idempotent edits and validates the result before reloading the daemon.

One-liner

Run directly:

curl -fsSL helper.sh/centos_disable_password_ssh.sh | sudo bash

Or download first, then run:

curl -fsSL -o centos_disable_password_ssh.sh helper.sh/centos_disable_password_ssh.sh && sudo bash centos_disable_password_ssh.sh

Requirements

  • CentOS or similar OpenSSH host
  • root privileges or sudo
  • A non-empty authorized_keys file for the target user
  • /etc/ssh/sshd_config present

Best for

  • Disable SSH password login after key-based access is ready
  • Standardize key-only hardening on CentOS maintenance tasks
  • Reduce brute-force password attack surface on exposed SSH hosts

Highlights

  • Fails fast if the target user does not already have authorized_keys
  • Uses idempotent sshd_config edits instead of blind string appends
  • Restores the original config automatically if sshd -t fails
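
The three behaviours listed above (key check, idempotent edit, validate with rollback), shown as an added example that is not the code of centos_disable_password_ssh.sh. The function names are hypothetical, and the sshd reload is left to the caller.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical, not the script's own.

# Succeed only if the file has at least one non-blank, non-comment line.
has_usable_keys() {
    [ -s "$1" ] && grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"
}

# Idempotent edit: drop every active line for KEY (any case, including
# inside Match blocks) and write one "KEY VALUE" line at the top.
# sshd uses the first value it obtains for a keyword, so the top wins.
set_sshd_option() {
    local file="$1" key="$2" value="$3" tmp rc
    tmp=$(mktemp) || return 1
    { printf '%s %s\n' "$key" "$value"
      awk -v k="$key" 'tolower($1) != tolower(k)' "$file"
    } > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and SELinux label
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# harden_sshd CONFIG KEYS_FILE VALIDATOR...
# VALIDATOR is run with CONFIG appended, e.g. "sshd -t -f".
# Returns 2 if no usable key, 3 if edit or validation failed (config restored).
harden_sshd() {
    local config="$1" keys="$2" backup
    shift 2
    has_usable_keys "$keys" || { echo "no usable key in $keys" >&2; return 2; }
    backup=$(mktemp) || return 1
    cat "$config" > "$backup"
    if ! set_sshd_option "$config" PasswordAuthentication no || ! "$@" "$config"; then
        cat "$backup" > "$config"
        rm -f "$backup"
        echo "validation failed, original config restored" >&2
        return 3
    fi
    rm -f "$backup"
}

# Typical call on a real host (reload sshd only after this returns 0):
#   harden_sshd /etc/ssh/sshd_config /root/.ssh/authorized_keys sshd -t -f
```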

Recommended procedure

  1. Ensure your SSH public key is already installed for the target user.
  2. Fetch the script from helper.sh and run it with sudo or as root.
  3. Let the script update sshd_config, validate it, and reload sshd.
  4. Open a second SSH session and verify key-based login still works before closing the first session.

Safety notes

  • Do not run this script before verifying key-based SSH access from another terminal.
  • Set TARGET_USER=<name> if the authorized_keys file belongs to a non-root account.
  • The script leaves UsePAM enabled to avoid unnecessary session handling regressions.

Scenario article

How to disable SSH password login on CentOS without locking yourself out

A practical guide to using centos_disable_password_ssh.sh only after key-based access is confirmed, so you can turn off password login on CentOS safely and predictably.

Problem pages

Why can I not connect after disabling SSH password login on CentOS

The usual cause is disabling PasswordAuthentication before confirming that the target account already has a working authorized_keys file and a successful key-based login test.
