by peter


Disable SSH Login with Password to improve security

One of the basic SSH hardening steps is to disable password-based SSH login.

You know that you can use ssh with the root or another account’s password to log in remotely to a Linux server. But this poses a security risk, because a huge number of bots are constantly trying to log in to your system with random passwords. This is called a brute-force attack.

Disable SSH password authentication

Before you do that, you must keep the following things in mind:

  • Make sure to create your ssh key pair on your personal/work computer and add the public SSH key to the server, so that you can still log in to the server.
  • Disabling password-based authentication means you cannot ssh into your server from random computers that do not have your key.
  • You must not lose your ssh keys. If you format your personal computer and lose the ssh keys, you’ll never be able to access the server.
  • If you are locked out, you will not be able to access your server ever.

Log in as root to your Linux server using key-based authentication. Use an editor like Nano or Vim to edit the following file:

/etc/ssh/sshd_config

Find the following line:

PasswordAuthentication yes

And change it to:

PasswordAuthentication no

If the line starts with a # (which means it is commented out), remove the #.

Save the file after making these changes and restart the SSH service using this command:

systemctl restart ssh

That’s it. You have successfully disabled password-based authentication in SSH.
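As an added example that is not part of the original post, the POSIX shell helper below makes the same edit the steps above describe, reads the result back the way sshd will (first uncommented match wins), and, as an assumed extra beyond the post, checks drop-in files under /etc/ssh/sshd_config.d/ that newer OpenSSH versions include and that can re-enable passwords. It validates the config with sshd -t before restarting so a typo cannot lock you out.

```shell
#!/bin/sh
# Added example (not from the original post): disable SSH password
# authentication in an sshd_config-style file and verify the result.
# Functions take a file/dir argument so they can be tested on copies.
set -eu

# Effective PasswordAuthentication value: sshd uses the FIRST uncommented
# match and defaults to "yes" when the keyword is absent (or only commented).
password_auth_setting() {
    val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    printf '%s\n' "${val:-yes}"
}

# Rewrite an existing (possibly "#"-commented) PasswordAuthentication line to
# "no", or append one if the file has none. Uses GNU sed -i (Linux).
disable_password_auth() {
    cfg=$1
    if grep -Eq '^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]]' "$cfg"; then
        sed -i -E 's/^[[:space:]]*#?[[:space:]]*PasswordAuthentication[[:space:]].*/PasswordAuthentication no/' "$cfg"
    else
        printf 'PasswordAuthentication no\n' >> "$cfg"
    fi
}

# OpenSSH 8.2+ configs usually "Include /etc/ssh/sshd_config.d/*.conf" near the
# top; an earlier "PasswordAuthentication yes" there (e.g. a cloud-init drop-in
# on Ubuntu images) wins over the main file, so warn about any such file.
check_dropins() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*PasswordAuthentication[[:space:]]+yes' "$f"; then
            echo "warning: $f still enables password authentication"
        fi
    done
}

# Real run (root, with your key already installed): ./harden-ssh.sh --apply
if [ "${1:-}" = "--apply" ]; then
    disable_password_auth /etc/ssh/sshd_config
    check_dropins /etc/ssh/sshd_config.d
    sshd -t                                        # syntax check; a bad file would lock you out
    sshd -T | grep -i '^passwordauthentication'    # effective value as sshd sees it
    systemctl restart ssh                          # service is named "sshd" on RHEL/Fedora
fi
```

Keep your current session open and confirm a fresh key-based login from a second terminal before closing it.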