Email This List Email This List Print This List Print This List

Dis­abling SSH Pass­word Authen­tic­a­tion and Root Login

You just strengthened the secur­ity of your serv­er by adding a new user and gen­er­at­ing SSH keys. Now it’s time to make some changes to the default SSH con­fig­ur­a­tion. First, you’ll dis­ablepass­word authen­tic­a­tion to require all users con­nect­ing via SSH to use key authen­tic­a­tion. Next, you’ll dis­able root login to pre­vent the root user from log­ging in via SSH. These steps are option­al, but are strongly recom­men­ded.

You may want to leave pass­word authen­tic­a­tion enabled if you con­nect to your serv­er  from many dif­fer­ent desktop com­puters. That will allow you to authen­tic­ate with a pass­word instead of copy­ing the private key to every com­puter.

Here’s how to dis­able SSH pass­word authen­tic­a­tion and root login:

  1. Open the SSH con­fig­ur­a­tion file for edit­ing by enter­ing the fol­low­ing com­mand:
    sudo nano /etc/ssh/sshd_config

    If you see a mes­sage sim­il­ar to -bash: sudo: com­mand not found, you’ll need to install sudo on your serv­er . To do so, log in as root by enter­ing the su com­mand, and type the root pass­word when promp­ted. Next, install sudo by enter­ing the fol­low­ing com­mand: apt-get install sudo. After sudo has been installed, log out as the root user by enter­ing the exit com­mand.

  2. Change the PasswordAuthentication set­ting to no as shown below. Veri­fy that the line is uncom­men­ted by remov­ing the # in front of the line, if there is one.:
    PasswordAuthentication no
  3. Change the PermitRootLogin set­ting to no as shown below:
    PermitRootLogin no
  4. Save the changes to the SSH con­fig­ur­a­tion file by press­ing Control‑X, and then Y.
  5. Restart the SSH ser­vice to load the new con­fig­ur­a­tion. Enter the fol­low­ing com­mand:

    Debian/​Ubuntu Users:

    sudo service ssh restart


    sudo systemctl restart sshd

After the SSH ser­vice restarts, the SSH con­fig­ur­a­tion changes will be applied.

admin has written 133 articles