In today’s article, I’m going to show you how to disable password login for SSH. Security is important and this can be a step in your securing SSH. After all, without password login enabled, you can’t have someone brute force your password!
And that right there nips in the bud why you’d want to make this change. You want to eliminate an attack vector, so you disable password login for SSH and you rely on SSH keys.
NOTE: I’ve had a number of SSH articles. Feel free to scroll through them, as they cover a number of SSH options. If you don’t know what SSH is, click the links in the above two paragraphs and we’ll be on the same page. In short, it’s a tool to remotely login to systems so that you can manage them without actually being at the computer physically. It’s a widely used tool.
It goes without saying that professional admins tend to do things like secure their SSH logins, and disabling password login for SSH is a good step to take. It’s also a step we laymen can use, ’cause it’s really a very simple operation. So, that’s what this article will be about. It’s an article that tells you how to …
This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.
Now, you’re going to need to do some file editing. For that, we’re going to use our beloved nano. So, start with this command:
sudo nano /etc/ssh/sshd_config
That will open the file with your nano editor, where you’ll look for a line that looks like this:
#PasswordAuthentication yes
And you’re going to change the ‘yes’ to no, and remove the # that means ‘ignore this line’, so that it can take effect. When you’re done, the line should look like:
PasswordAuthentication no
Now, you’ll want to save it. In nano, to save a file, you press CTRL + X, then Y, and then ENTER.
With that done, you need to restart the service. That’s easy enough, you just run the following command:
sudo systemctl restart sshd
That will restart the service and use the new settings. So, be sure you have your ducks in a row, ’cause once you restart that service you’re not gonna be able to login with a password again. You’re not going to get a redo, ’cause it restarts the service – meaning it logs you out. So, you should probably be logged in using SSH certificates before making this change. That way, you know it works.
Huh… I am not, in fact, out of ideas for articles. I’m pretty sure I’m going to run out of ideas eventually, but there seems to always be something new to impart. I did notice that I failed to search well and we have two articles about time zones and how to find out which you’re using. Ah well… Nobody else seemed to notice, so I’ve got that going for me.
Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.
Today we'll cover one way to enable or disable your network interface in the Linux…
Today's exercise is a nice and simple exercise where we check your NIC speed in…
Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…
I think I've covered this before with the ls command but this time we'll count…
Today we'll be learning about a basic Linux command that's known as 'uname' and it…
If you've used hardinfo in the past, it may interest you to know that hardinfo…