password Archives • Linux Tips

How To: Disable Password Login For SSH

In today’s article, I’m going to show you how to disable password login for SSH. Security is important and this can be a step in your securing SSH. After all, without password login enabled, you can’t have someone brute force your password!

And that right there nips in the bud why you’d want to make this change. You want to eliminate an attack vector, so you disable password login for SSH and you rely on SSH keys.

NOTE: I’ve had a number of SSH articles. Feel free to scroll through them, as they cover a number of SSH options. If you don’t know what SSH is, click the links in the above two paragraphs and we’ll be on the same page. In short, it’s a tool to remotely login to systems so that you can manage them without actually being at the computer physically. It’s a widely used tool.

It goes without saying that professional admins tend to do things like secure their SSH logins, and disabling password login for SSH is a good step to take. It’s also a step we laymen can use, ’cause it’s really a very simple operation. So, that’s what this article will be about. It’s an article that tells you how to …

Disable Password Login For SSH:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

Now, you’re going to need to do some file editing. For that, we’re going to use our beloved nano. So, start with this command:

sudo nano /etc/ssh/sshd_config

1	sudo nano /etc/ssh/sshd_config

That will open the file with your nano editor, where you’ll look for a line that looks like this:

#PasswordAuthentication yes

1	#PasswordAuthentication yes

And you’re going to change the ‘yes’ to no, and remove the # that means ‘ignore this line’, so that it can take effect. When you’re done, the line should look like:

PasswordAuthentication no

1	PasswordAuthentication no

Now, you’ll want to save it. In nano, to save a file, you press CTRL + X, then Y, and then ENTER.

With that done, you need to restart the service. That’s easy enough, you just run the following command:

sudo systemctl restart sshd

1	sudo systemctl restart sshd

That will restart the service and use the new settings. So, be sure you have your ducks in a row, ’cause once you restart that service you’re not gonna be able to login with a password again. You’re not going to get a redo, ’cause it restarts the service – meaning it logs you out. So, you should probably be logged in using SSH certificates before making this change. That way, you know it works.

Closure:

Huh… I am not, in fact, out of ideas for articles. I’m pretty sure I’m going to run out of ideas eventually, but there seems to always be something new to impart. I did notice that I failed to search well and we have two articles about time zones and how to find out which you’re using. Ah well… Nobody else seemed to notice, so I’ve got that going for me.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!

[Total: 5 Average: 4.2]

How To: Change Your Password In The Terminal

It’s considered good form to change your password once in a while. This may not be something important for you, but others may appreciate it. It may be corporate policy or regulations that make you need to change your password, or you could just be more security minded than many others. No matter what, this article tells you how.

The tool we’re using in today’s exercise is called ‘passwd‘, which is a tool to help make and manage passwords. It’s a bit complicated, but it uses something called hashing and stores a hash instead of a plain-text password.

When you login, your password is checked against the hash that was created when the password was created. This prevents people from easily reading your stored password, stored of course because there must be something to check against.

If one remembers way back to the start of this project, my goal is to put my notes online. This article is in my notes, which is why this is such a simple article. Indeed, this article should be pretty straightforward and easy to understand. I’d definitely call it a beginner-friendly article.

Change Your Password:

Like most always, you need to open your terminal. You can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

Once you have your terminal open, the command you’re looking for is:

passwd

passwd

If you already have a password, you’ll need to type your current password and then you’ll type the new password twice. When you logout or next need to use your password, your new password will be required. You don’t need ‘sudo’ for this, as the password you’re changing belongs to you.

Seeing as this is short, I’ll toss in another use of passwd. If you want to change the password for a different user, you just use this command:

sudo passwd <user_name>

1	sudo passwd <user_name>

Change the obvious to the obvious, specifically the username. This command does require ‘sudo’, because you’re changing a password that doesn’t belong to the current user.

There’s more that can be done with passwd, but those things are beyond the scope of this article. I’d expect to see some more passwd uses covered in the future, but you can get a head start by typing man passwd into your terminal and learning about the other options.

Closure:

That’s it, really. I told you that this one would be short and easy! Sure enough, it’s pretty easy. Many of my notes are regarding people who are new to Linux, but it’s still nice to get more of them online. I dare say we’re coming along nicely.

Smash a button!

[Total: 7 Average: 5]

Strip Password From A Password-Protected PDF

One company likes to send me a password-protected PDF every month, and it can be a pain typing in the password every time. Fortunately, we don’t have to! To completely remove the password from password-protected PDFs, keep reading!

Now, there are times when removing the password from a password-protected PDF is against corporate policy or may be a violation of regulations. I suppose a good rule might be, “Don’t tamper with the password protection unless the PDF belongs to you.”

That said, it’s actually pretty easy to remove the passwords from password-protected PDFs. It’s easy and I’ll show you how! This won’t even have to be a very long article!

Remove Password From A Password-Protected PDF:

Like oh so many of my articles, this one starts with the terminal open. If you don’t know how to do that, it’s easy. Just use your keyboard and press CTRL + ALT + T and your default terminal emulator will open.

The tool we’ll be using is called ‘qpdf‘ and it describes itself as:

PDF transformation software

Once you have that open, one of the following should help you install qpfd:

Debian/Ubuntu:

sudo apt install qpdf

1	sudo apt install qpdf

Arch/Manjaro:

sudo pacman -S qpdf

1	sudo pacman -S qpdf

RHEL/Fedora:

sudo dnf install qpdf

1	sudo dnf install qpdf

Any of those should get you to the point where qpdf is installed, and there shouldn’t be (m)any dependencies. Using it is just as easy as installing it.

qpdf --password='PASSWORD' --decrypt original.pdf new_file.pdf

1	qpdf --password='PASSWORD' --decrypt original.pdf new_file.pdf

Obviously, you change “PASSWORD” to the password that’s used in the password-protected PDF to the actual password. You also use the name (and path) of the PDF and a new name for the new PDF that has no password. That will, of course, remove the password and you can delete the original after verifying that it worked.

BONUS:

You can actually use qpdf to make a password-protected PDF. It’s also easy and the command would look like this:

qpdf --encrypt PASSWORD PASSWORD 256 -- original.pdf new_file.pdf

1	qpdf --encrypt PASSWORD PASSWORD 256 -- original.pdf new_file.pdf

In this case, the PASSWORD is your new password and it must be typed twice. The 256 is the key-length used to encrypt the PDF. To get more information like that, just run:

qpdf --help

1	qpdf --help

In there, you’ll see that qpdf is really quite a potent application. It can do so much more than just stripping the password from a password-protected PDF. So, give that help file a scan and see what other features it has!

CLOSURE:

See? I told you that this article wouldn’t take all that long. Best part? It’s another in what’s a growing list of articles and it’s something you can actually use when you get a password-protected PDF. Again, if you’re gainfully employed or in a regulated occupation you may not want to remove the password protection.

Smash a button!

[Total: 3 Average: 5]

How To: Use sudo Without A Password

It is possible to use sudo without a password. Doing so is probably a pretty bad idea for most people, but it can be done. Password-less sudo is an option that you have, but it’s one heck of a security risk.

I have pretty good physical security and the risks of someone physically accessing my devices are pretty minimal. There’s no neighbors that can access my WiFi, or anything like that. Because of this, I can, and sometimes do, set up my computers so that I don’t need to use a password when I use sudo.

I feel like I need to make this clear:

If you set it up to use sudo without a password, you’re removing a key security element. If you can use sudo without a password, so can’t someone who’d be doing so with malice aforethought. It’d be even more risky if you did this on a laptop that might get misplaced or stolen.

In short: DO NOT DO THIS (without considering the security implications).

By the way, if you don’t know what sudo is, it stands for “superuser do”. It’s what you use to temporarily elevate your permissions, to read, write, or execute administrative (or otherwise restricted) files. Basically, it turns you into an omnipotent administrator.

Again, be careful before doing this. If it makes you an omnipotent user, it makes anyone that can access the device an omnipotent user. You have been warned. If you’re comfortable with your physical security, this is an option. It’s an option you should consider only with care and diligence.

SUDO Without A Password:

Closure:

And, once again, you have another article! I’ve reached the point where I have a small buffer. I could be offline for a few days and articles will still publish themselves. I’m hoping to get even further ahead, so we shall see how it goes.

Smash a button!

[Total: 4 Average: 5]

Make Ubuntu Provide Feedback (Asterisks) When Typing Passwords In The Terminal

By default, Ubuntu doesn’t show anything when you type passwords in the terminal. They made this decision for security reasons. Shoulder-surfing is a thing. People looking over your shoulder could see how many characters you entered, thus narrowing down the number of possible passwords.

This article will show you how to show asterisks on the screen, as some folks prefer, when you enter your passwords in the terminal. This tip is actually rather easy and shouldn’t take very long. It’s not even all that advanced, and it can be undertaken by most anyone. You should at least understand the implications before changing the behavior.

Frankly, it’s a perfectly acceptable choice to not show anything when typing sensitive material, but others prefer to have some feedback. It makes it easier for slower typing people to keep track of where they are, for example. On top of that, there are many situations where you really don’t have to worry a whole lot about people shoulder surfing.

When you’re using a computer that’s never going to be out in public, it’s probably not much of an issue if you show asterisks. If it’s a laptop that you use in coffee shops and you’re security conscious, you may want to leave it the way it is. You have a choice. You can leave it the way it is, or you can go ahead and change it. Linux is pretty awesome like that. You get to make the decisions!

Passwords With Asterisk Feedback:

First, let’s crack open the terminal. Press CTRL + ALT + T and your default terminal should open so we can edit the sudoers file. It’s done like this:

sudo nano /etc/sudoers

1	sudo nano /etc/sudoers

Enter your password and hit enter, of course. (Mark it on the calendar! This should be the last time you enter your password in the terminal without some visual feedback!)

Use the down arrow until you’re at the start of the line that says:

Defaults            mail_badpass

1	Defaults mail_badpass

Press the ENTER button. This should move that line down and leave a blank line above it. Use the arrow button to move up to that blank line and enter:

Defaults             pwfeedback

1	Defaults pwfeedback

Note: This spacing isn’t technically required. It is done for convention and to aid in ease of reading/processing information-dense more accurately and swiftly. You can also probably put the new line anywhere in that file. For some reason, that’s how I have it in my notes.

When you’re done, you will then need to save the file. As this is nano, press CTRL + X, then Y, and then ENTER.

That’s it. That’s everything. You will probably need to close and reopen all of your terminals to notice the difference. Then you can test it by opening a new terminal window and tying in:

sudo apt update

1	sudo apt update

Type your password when prompted and you’ll hopefully see some asterisks as feedback. It should look a little like this:

password with asterisk feedback in the terminal — See? Asterisks for passwords feedback in the terminal.

As mentioned above, Ubuntu made this change for security reasons. If you change this, you’re making it so that people can see how many characters you typed when you entered your password. Of course, they can also count how many times you pressed a key on your keyboard. Just be aware of it and decide for yourself.

Closure:

And there you have it, another article published. This one is about the passwords you type and if they’ll give you any feedback by appearing as asterisks on the screen. It’s a decision that you get to make, and the security implications are real – but not universal. You may prefer asterisks when typing your passwords, or you may prefer the defaults.

Smash a button!

[Total: 9 Average: 4.9]