Security hardening

centos_disable_password_ssh.sh

Built for CentOS and similar OpenSSH hosts that should move from password-based login to key-only access. The script refuses to proceed unless a usable authorized_keys file exists for the target user, then updates sshd_config with idempotent edits and validates the result before reloading the daemon.

One-liner

curl -fsSL helper.sh/centos_disable_password_ssh.sh | sudo bash
curl -fsSL -o centos_disable_password_ssh.sh helper.sh/centos_disable_password_ssh.sh && sudo bash centos_disable_password_ssh.sh

Requirements

  • CentOS or similar OpenSSH host
  • root privileges or sudo
  • A non-empty authorized_keys file for the target user
  • /etc/ssh/sshd_config present

Use cases

  • Disable SSH password login after key-based access is ready
  • Standardize key-only hardening on CentOS maintenance tasks
  • Reduce brute-force password attack surface on exposed SSH hosts

Key points

  • Fails fast if the target user does not already have authorized_keys
  • Uses idempotent sshd_config edits instead of blind string appends
  • Restores the original config automatically if sshd -t fails
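The three behaviours above, sketched as an added example. This is not the helper.sh script itself; the function names set_directive and harden_sshd are hypothetical. It also places the directive ahead of any Match block, which a blind append would get wrong, and leaves the sshd reload to the caller.

```shell
# Added illustration, not the helper.sh script. Function names are hypothetical.

# set_directive FILE KEY VALUE
# Rewrites the first global KEY line (active, or commented as "#KEY ...") to
# "KEY VALUE" and drops later global duplicates. If KEY is absent it is inserted
# before the first Match block, because anything appended after a Match line
# only applies inside that block. Lines inside Match blocks are left for review.
set_directive() {
  local file="$1" key="$2" value="$3" tmp rc=0
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$value" '
    BEGIN { pat = "^[ \t]*#?" tolower(k) "[ \t]" }
    !inmatch && tolower($0) ~ /^[ \t]*match[ \t]/ {
      if (!done) { print k " " v; done = 1 }
      inmatch = 1
    }
    !inmatch && tolower($0) ~ pat { if (!done) { print k " " v; done = 1 } next }
    { print }
    END { if (!done) print k " " v }
  ' "$file" > "$tmp" && cat "$tmp" > "$file" || rc=$?  # cat keeps owner and mode
  rm -f "$tmp"
  return "$rc"
}

# harden_sshd CONFIG AUTHORIZED_KEYS [VALIDATOR...]
# Returns 2 when the preconditions fail (nothing touched) and 3 when validation
# fails (original config restored). The validator defaults to "sshd -t -f".
harden_sshd() {
  local cfg="$1" keys="$2" backup
  shift 2
  [ $# -gt 0 ] || set -- sshd -t -f
  [ -s "$keys" ] || { echo "refusing: $keys is missing or empty" >&2; return 2; }
  [ -f "$cfg" ] || { echo "refusing: $cfg not found" >&2; return 2; }
  backup=$(mktemp) || return 1
  cat "$cfg" > "$backup"
  if set_directive "$cfg" PasswordAuthentication no && "$@" "$cfg"; then
    rm -f "$backup"
    return 0
  fi
  cat "$backup" > "$cfg"
  rm -f "$backup"
  echo "validation failed: original config restored, sshd not reloaded" >&2
  return 3
}

# Usage on a real host (as root), reloading only after success:
#   harden_sshd /etc/ssh/sshd_config /root/.ssh/authorized_keys && systemctl reload sshd
```

Running harden_sshd a second time leaves the file byte-for-byte unchanged, which is what makes the edit safe to repeat from maintenance tooling.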

Recommended steps

  1. Ensure your SSH public key is already installed for the target user.
  2. Fetch the script from helper.sh and run it with sudo or as root.
  3. Let the script update sshd_config, validate it, and reload sshd.
  4. Open a second SSH session and verify key-based login still works before closing the first session.

Cautions

  • Do not run this script before verifying key-based SSH access from another terminal.
  • Set TARGET_USER=<name> if the authorized_keys file belongs to a non-root account.
  • The script leaves UsePAM enabled to avoid unnecessary session handling regressions.

Related articles

How to disable SSH password login on CentOS without locking yourself out

A practical guide to using centos_disable_password_ssh.sh only after key-based access is confirmed, so you can turn off password login on CentOS safely and predictably.

Related topics

CentOS 7 maintenance and recovery

Keep legacy CentOS 7 hosts installable and maintainable when yum repositories fail, mirrors expire, or Docker data needs to be moved off a crowded disk.


Troubleshooting pages

Why can I not connect after disabling SSH password login on CentOS

The usual cause is disabling PasswordAuthentication before confirming that the target account already has a working authorized_keys file and a successful key-based login test.
