How to Disable Password Login for SSH


Secure Shell (SSH) is a widely used protocol for secure remote login and other network services. However, SSH password authentication is vulnerable to brute-force attacks and other forms of password guessing. In this article, we will discuss how to disable password login for SSH and use key-based authentication instead.

Why Disable Password Login for SSH?

SSH password authentication is convenient but risky. By default, SSH allows password-based authentication, which means that anyone who knows your username and password can log in to your system remotely. This makes your system vulnerable to brute-force attacks and other forms of password guessing.

In contrast, key-based authentication is more secure because it relies on a key pair: a private key that stays on the client machine and a public key that is stored on the server. The client authenticates by producing a signature with the private key, and the server verifies that signature using the public key, so there is no password for an attacker to guess.

How to Disable Password Login for SSH?

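To disable password login for SSH, you need to modify the SSH configuration file on your server. Set up and test key-based authentication first (see the key-based authentication section later in this article), because the ssh-copy-id step there asks for your server password, and keep an existing session open until you have confirmed that you can still log in. Here are the steps: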

  1. Log in to your server as the root user or a user with sudo privileges.
  2. Open the SSH configuration file /etc/ssh/sshd_config in a text editor such as nano or vi.
  3. Find the line that says #PasswordAuthentication yes and change it to PasswordAuthentication no. If the line is commented out (i.e., it starts with a #), remove the # character.
  4. Save the file and exit the text editor.
  5. Restart the SSH service by running the command systemctl restart sshd.

After these steps, SSH password authentication will be disabled, and only key-based authentication will be allowed.
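
Step 3 only takes effect if the PasswordAuthentication no line is the first uncommented value sshd obtains for that keyword. The script below is an added example, not part of the original article: it models that rule over constructed sample files, and the function names and file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report the value sshd would use for a global keyword.
# Rules modelled from sshd_config(5): keywords are case-insensitive, lines
# starting with '#' are comments, and the first value obtained wins.
# Simplification (assumption): scanning stops at the first Match line, and
# Include lines are not followed; pass the files in the order sshd reads them.

# effective_option KEYWORD FILE...  (hypothetical helper name)
effective_option() {
    keyword=$1
    shift
    awk -v want="$keyword" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == want {
            print tolower($2)
            found = 1
            exit                              # first value wins
        }
        END { if (!found) print "unset" }     # sshd then uses its default
    ' "$@"
}

# password_login_disabled FILE...
# Succeeds only on an explicit "no": the OpenSSH default for
# PasswordAuthentication is "yes", so "unset" still allows passwords.
password_login_disabled() {
    [ "$(effective_option PasswordAuthentication "$@")" = "no" ]
}

# Constructed sample files, not taken from any real host.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PasswordAuthentication yes' 'UsePAM yes' > "$tmp/stock"
printf '%s\n' 'Port 22' 'PasswordAuthentication no' > "$tmp/edited"
printf '%s\n' 'PasswordAuthentication yes' > "$tmp/dropin"

echo "stock file:          $(effective_option PasswordAuthentication "$tmp/stock")"
echo "after step 3:        $(effective_option PasswordAuthentication "$tmp/edited")"
echo "drop-in read first:  $(effective_option PasswordAuthentication "$tmp/dropin" "$tmp/edited")"
password_login_disabled "$tmp/dropin" "$tmp/edited" ||
    echo "password login still enabled: an earlier file sets it to yes"
```

On a live server, run sshd -t to validate the file before the restart in step 5, and sshd -T to print the configuration that sshd actually resolved.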

How to Use Key-Based Authentication for SSH?

To use key-based authentication for SSH, you need to generate a public/private key pair on the client machine and add the public key to the server’s authorized_keys file. Here are the steps:

  1. On the client machine, open a terminal or command prompt and run the command ssh-keygen -t rsa. This will generate a public/private key pair in the ~/.ssh directory.
  2. When prompted, enter a passphrase for the private key. This passphrase will be required every time you use the private key to authenticate.
  3. Copy the public key to the server by running the command ssh-copy-id username@servername. Replace username with your username on the server and servername with the hostname or IP address of the server.
  4. When prompted, enter your password for the server. This will copy the public key to the server’s ~/.ssh/authorized_keys file and set the correct permissions.
  5. Test the key-based authentication by running the command ssh username@servername. You should be logged in without being prompted for your server password; if you set a passphrase in step 2, you will be asked for that passphrase instead.

Conclusion

In conclusion, disabling password login for SSH and using key-based authentication instead is a simple but effective way to improve the security of your remote login. By following the steps outlined in this article, you can quickly and easily set up key-based authentication and protect your system from password guessing attacks.