
5.2. Cryptographic Logon

In this day of heightened security concerns and massive computing power, it is more important than ever to use every tool we have to prevent unauthorized access to our systems. We've relied on passwords for years, and we've learned that users typically don't do a good job of maintaining strong, hack-resistant words and phrases, instead gravitating towards simple words or sports team names that are incredibly easy to guess. Enter Public Key Infrastructure (PKI) cryptography for authenticating your users.
Setting up PKI authentication requires changing a couple of settings in your /etc/ssh/sshd_config. The following directives should be modified to activate PKI authentication:
PubkeyAuthentication - Uncomment and set to yes.
AuthorizedKeysFile - Uncomment this as well and make sure it is set to .ssh/authorized_keys.

Important

You must restart the sshd service after editing the configuration files before the settings take effect.
By changing those two settings you have activated PKI authentication! When users put their public key in their ~/.ssh/authorized_keys file, the system will try to authenticate them using that key before asking for a password. Want to require the key and not allow users to authenticate with a password? Just change PasswordAuthentication to no, and after restarting the sshd service your system should only let people log in using their keys.
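A directive that is still commented out, or set only inside a Match block, does not change the global behaviour. The following script is an added example, not part of the original guide: it reports the global value sshd would use for the three directives above. The function names and the sample configuration are constructed for illustration; the defaults passed in are OpenSSH's.

```shell
#!/bin/sh
# Added example, not from the original guide: report the global values sshd
# would use for the three directives discussed above.

# effective_value FILE KEYWORD DEFAULT
# sshd matches keywords case-insensitively, ignores commented lines and keeps
# the first value it reads. Parsing stops at the first Match block so only
# global settings are reported. Assumes "Keyword value" form and no Include.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only if key logon is on, password logon is off and
# .ssh/authorized_keys is searched. Defaults passed in are OpenSSH's.
audit_sshd_config() {
    rc=0
    pubkey=$(effective_value "$1" PubkeyAuthentication yes)
    passwd=$(effective_value "$1" PasswordAuthentication yes)
    keys=$(effective_value "$1" AuthorizedKeysFile \
        ".ssh/authorized_keys .ssh/authorized_keys2")
    [ "$pubkey" = yes ] || { echo "FAIL PubkeyAuthentication=$pubkey"; rc=1; }
    [ "$passwd" = no ] || { echo "FAIL PasswordAuthentication=$passwd"; rc=1; }
    case " $keys " in
        *" .ssh/authorized_keys "*) ;;
        *) echo "FAIL AuthorizedKeysFile=$keys"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK key-only logon"; fi
    return "$rc"
}

# write_sample FILE: constructed config in which the hardening line is still
# commented out and the only "no" sits inside a Match block.
write_sample() {
    cat > "$1" <<'EOF'
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}
```

On a live host, run `audit_sshd_config /etc/ssh/sshd_config`. `sshd -t` checks the file for syntax errors before a restart, and `sshd -T` prints the full effective configuration.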