You just strengthened the security of your server by adding a new user and generating SSH keys. Now it’s time to make some changes to the default SSH configuration. First, you’ll disablepassword authentication to require all users connecting via SSH to use key authentication. Next, you’ll disable root login to prevent the
root user from logging in via SSH. These steps are optional, but are strongly recommended.
You may want to leave password authentication enabled if you connect to your server from many different desktop computers. That will allow you to authenticate with a password instead of copying the private key to every computer.
Here’s how to disable SSH password authentication and root login:
- Open the SSH configuration file for editing by entering the following command:
sudo nano /etc/ssh/sshd_config
If you see a message similar to -bash: sudo: command not found, you’ll need to install
sudoon your server . To do so, log in as root by entering the
sucommand, and type the
rootpassword when prompted. Next, install
sudoby entering the following command:
apt-get install sudo. After
sudohas been installed, log out as the
rootuser by entering the
- Change the
noas shown below. Verify that the line is uncommented by removing the # in front of the line, if there is one.:
- Change the
noas shown below:
- Save the changes to the SSH configuration file by pressing Control‑X, and then Y.
- Restart the SSH service to load the new configuration. Enter the following command:
sudo service ssh restart
sudo systemctl restart sshd
After the SSH service restarts, the SSH configuration changes will be applied.