Secure Login with SSH Keys in CentOS

In this guide, you will learn how to establish a password-free, secure and fast connection on a server with CentOS operating system.
You will create an SSH key pair, transfer the public key to the server, and disable password entry.
This method provides strong defense against brute-force attacks and simplifies management.

💡 What Will You Learn in This Guide?

Create RSA key pair on local computer
Copy the public key to the CentOS server
Login without password with SSH key
Completely disable password-based login

1️⃣ Generating an RSA Key Pair

SSH keys are one of the most secure methods of authentication.
As a first step, we will create an RSA key pair on your own device.

A. Run ssh-keygen Command

ssh-keygen

➡️ This command creates a 2048-bit RSA key pair. For a stronger key if you want:

ssh-keygen -b 4096

B. Select Key Location

The command will ask you for a file location:

Enter file in which to save the key (/home/kullanici/.ssh/id_rsa):

You can save it in the default directory by pressing ENTER.

C. Add Secure Password (Passphrase)


Enter passphrase (empty for no passphrase):

🔒 Entering a password is optional but highly recommended. Even if your private key is stolen, it cannot be used without a password.

D. Key Files

The two resulting files are:

~/.ssh/id_rsa → Private key (never share)

~/.ssh/id_rsa.pub → Public key (will be sent to the server)

💬 Important Note: If there is a key with the same name, overwriting it will revoke old access. Be careful!

2️⃣ Transferring Public Key to Server

The public key (id_rsa.pub) needs to be added to the ~/.ssh/authorized_keys file on the server. You can do this in three different ways 👇

🅐 Auto-Copy with ssh-copy-id (Recommended)


ssh-copy-id kullanici@sunucu_ip

This command copies the public key to the server. At the first connection, type “yes” to continue, then enter the password.

Number of key(s) added: 1
Now try logging into the machine with: ssh 'kullanici@sunucu_ip'

You can now log in without a password:

ssh kullanici@sunucu_ip

🅑 Using SSH + Pipe

Alternatively if you don't have ssh-copy-id:

cat ~/.ssh/id_rsa.pub | ssh kullanici@sunucu_ip "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

This command creates the .ssh directory and adds its key to the authorized_keys file.

🅒 Manual Copy (From Console)

If you have manual access to the server:

View key locally:

cat ~/.ssh/id_rsa.pub

Create .ssh directory on the server:

mkdir -p ~/.ssh

Add the key to the authorized_keys file:

echo "GENEL_ANAHTAR_ICERIGI" >> ~/.ssh/authorized_keys

Set permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

If you did it for a user other than the root account:

chown -R kullanici:kullanici ~/.ssh

✅ Note: If the permissions are too explicit, it will reject the SSH key. The "Permission denied (publickey)" error usually occurs here.

Now is the time to log in without a password 👇

ssh kullanici@sunucu_ip

An authentication warning may appear on the first connection:

The authenticity of host '203.0.113.1' can't be established.
Are you sure you want to continue connecting (yes/no)? yes

Type “yes” and press ENTER. If you set a password when creating the key, you will now be prompted to enter it. After successful login, a direct shell session is opened.

⚠️ Critical Warning: Before performing this step, make sure that the account you log in with SSH key has sudo authority. Otherwise you won't be able to access the server again.

Connect to server:

ssh kullanici@sunucu_ip

Open SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and edit this line:


PasswordAuthentication no

Remove the # sign at the beginning of the line.

Save the file and restart the SSH service:

sudo systemctl restart sshd

Open a new terminal and test:

ssh kullanici@sunucu_ip

If everything is OK, the system now only allows key-based login.

❓ Frequently Asked Questions (FAQ)

1. What happens if I lose my SSH key?

You must generate a new key and re-add it to the authorized_keys file on the server.

2. Why are SSH keys more secure?

Cryptographic strings of 2048 or 4096 bits cannot be broken by brute-force and are thousands of times stronger than passwords.

3. Why are authorized_keys permissions important?

If the file is writable by anyone, the SSH service rejects it.

4. What is sshd?

SSH Daemon; It is the service that manages connections in the background. In CentOS, it is controlled with the systemctl restart sshd command.

5. Can I use the key on other servers?

Yes, just add the content of id_rsa.pub to the authorized_keys file of other servers.

🏁 Result

A passwordless, secure SSH connection is now active on your CentOS server. This method both increases speed and maximizes your security level.

🚀 You can also apply all these steps on your servers on GenixNode and strengthen your infrastructure against brute-force attacks.

💡 What Will You Learn in This Guide?​

1️⃣ Generating an RSA Key Pair​

A. Run ssh-keygen Command​

B. Select Key Location​

C. Add Secure Password (Passphrase)​

D. Key Files​

2️⃣ Transferring Public Key to Server​

🅐 Auto-Copy with ssh-copy-id (Recommended)​

🅑 Using SSH + Pipe​

🅒 Manual Copy (From Console)​

3️⃣ Login with SSH Keys​

4️⃣ Closing Login with Password (SSH Hardening)​

❓ Frequently Asked Questions (FAQ)​

🏁 Result​