Log in with an SSH private key on Linux

Using a text editor, create a file in which to store your private key. This example uses the file private_key.txt.
To edit the file in nano, type the following command:

# nano private_key.txt

Paste the private key into the file. Be sure to include the BEGIN and END lines.

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAx9ODcgSZFhPnZmW/VGWy/bXLKFBhOoTP9k4dhcJq17ZuG9KB
...
-----END RSA PRIVATE KEY-----

Run the following command to change the file permissions to 600 to secure the key. You can also set them to 400. This step is required, because ssh refuses to use a private key file that other users can read:

# chmod 600 private_key.txt

Use the key to log in over SSH as shown in the following example, which loads the key from the file private_key.txt and logs in as user demo to IP 192.237.248.66:


# ssh -i private_key.txt demo@192.237.248.66

When the prompt to confirm the connection request is displayed, type yes and then press Enter.

If your SSH key requires a password, enter it when prompted to complete the connection.

How can I keep my SSH sessions from freezing on CentOS 6

OpenSSH:

You need to enable

TCPKeepAlive yes

in your client ssh_config (e.g. /etc/ssh/ssh_config or ~/.ssh/config) and on your destination SSH server running OpenSSH (e.g. /etc/ssh/sshd_config).

So every time your connection idles, OpenSSH sends a dummy (TCP keepalive) packet to your destination host.

Log in to the server and run this:

# nano /etc/ssh/sshd_config

Uncomment this line

#TCPKeepAlive yes

To

TCPKeepAlive yes

Then, restart ssh

On CentOS:

# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

Other Options:

IdleTimeout time

Sets idle timeout limit to time in seconds (s or nothing after number),
in minutes (m), in hours (h), in days (d), or in weeks (w). If the
connection has been idle (all channels) for that long, the child
process is killed with SIGHUP and the connection is closed down.
Note that IdleTimeout is a keyword from the ssh.com (sshd2) server configuration; OpenSSH's sshd_config does not have it.

ClientAliveInterval 60
TCPKeepAlive yes
ClientAliveCountMax 10000

ClientAliveInterval: The server will wait 60 seconds before sending a null packet to the client to keep the connection alive.

TCPKeepAlive: Is there to ensure that certain firewalls don’t drop idle connections.

ClientAliveCountMax: The number of alive messages the server will send without receiving any message back from the client before it disconnects. With a value as high as 10000, the server keeps sending alive messages even though it has not received any reply, so an unresponsive session stays open for about a week at a 60-second interval.

How to Secure SSH with Google Authenticator’s Two-Factor Authentication

Source: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/

Also, for CentOS: http://www.tecmint.com/ssh-two-factor-authentication/

Want to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator’s time-based one-time password (TOTP) system with your SSH server. You’ll have to enter the code from your phone when you connect.

Change OpenSSH Port CentOS

Want to change the port that sshd listens on? Here is a good tutorial.
(Note: If you are making these changes – ssh to the server and keep the terminal open as you make the changes. Test with a new terminal. This way if something is amiss – you are not locked out.)

Edit /etc/ssh/sshd_config, enter:

# vi /etc/ssh/sshd_config

Note:
The strategy used for options in the default sshd_config shipped with OpenSSH is to specify options with their default value where possible, but leave them commented. Uncommented options change a default value.

Uncomment the following and edit to set the port to 10221:

Port 10221

ListenAddress option

Note: If you have multiple IP addresses on the server, add your IP addresses with ListenAddress as follows:

## bind sshd to two ip address on a non-standard port ##
ListenAddress 192.168.1.5:10221
ListenAddress 203.1.2.3:10221

Save and close the file.

Before you restart or reload the sshd server, you need to update the SELinux configuration or firewall settings (iptables).

You also need to update the firewall settings so that users can log in using TCP port 10221. Edit /etc/sysconfig/iptables and open sshd port 10221:

# vi /etc/sysconfig/iptables

Edit/append as follows:

 
## delete or comment out port 22 line ##
## -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
## open port 10221
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10221 -j ACCEPT

Save and close the file. If you are using IPv6, edit the /etc/sysconfig/ip6tables file too. Temporarily stop the firewall so that you will not lose connectivity to the server:

# service iptables stop
# service ip6tables stop

Restart sshd on CentOS:

# service sshd restart

Verify new port settings with the following netstat command:

# netstat -tulpn | grep sshd

Finally, start the firewall:

# service iptables start
## IPv6 ##
# service ip6tables start

Now, log in from a different terminal to check the settings.
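
The port-change procedure above locks you out if sshd moves to a port that the firewall file does not open. As an added example (not part of the original tutorial), this sh script compares the two files before the restart; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-restart lockout check.
# Simplification: only Port and ListenAddress are read; Include/Match are ignored.

# Print every TCP port sshd is configured to listen on, one per line.
sshd_ports() {
    awk '
        /^[ \t]*#/ { next }                       # commented lines are just defaults
        tolower($1) == "port" { print $2; port_seen = 1 }
        tolower($1) == "listenaddress" {
            a = $2
            if (substr(a, 1, 1) == "[") a = substr(a, index(a, "]") + 1)  # [v6]:port
            if (a !~ /^[^:]*:[0-9]+$/) { la_bare = 1; next }  # no port: uses Port
            sub(/^.*:/, "", a); print a; la_port = 1
        }
        END { if (!port_seen && (la_bare || !la_port)) print 22 }  # OpenSSH default
    ' "$1" | sort -un
}

# Succeed if the iptables file ($1) has an active INPUT ACCEPT rule for tcp port $2.
port_open() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Print the sshd ports the firewall file would block; return 1 if there are any.
check_ssh_firewall() {
    missing=""
    for p in $(sshd_ports "$1"); do
        port_open "$2" "$p" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "blocked:$missing"
    return 1
}

# Constructed sample files mirroring the edits on this page (not real host data).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 10221' 'ListenAddress 192.168.1.5:10221' > "$d/sshd_config"
    printf '%s\n' '## -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 10221 -j ACCEPT' > "$d/iptables"
    check_ssh_firewall "$d/sshd_config" "$d/iptables" && echo "ok: firewall opens every sshd port"
    rm -rf "$d"
}
demo
```

On a real host, call check_ssh_firewall with /etc/ssh/sshd_config and /etc/sysconfig/iptables, and also run sshd -t to catch syntax errors before the restart.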