Secure SSH By Disabling Password Logins
Make bruteforce attempts almost impossible
I always disable SSH password logins when setting up a new server, allowing authentication via private key only. It’s a good way to secure SSH all-around.
Disabling password logins in Ubuntu is extremely easy.
Open /etc/ssh/sshd_config with nano or vi. You’ll want to change options for 3 different directives, ChallengeResponseAuthentication
, PasswordAuthentication
, and UsePAM
.
Find those directives in /etc/ssh/sshd_config and set them to the following:
Save sshd_config
, and reload ssh:
That’s it, now you won’t be able to SSH to your server and login with a password, and neither will anyone else.
Of course, you’ll want to enable private key authentication, first. If you don’t, you’ll lock yourself out of your server.
DigitalOcean has a good article on how to do this.
Let’s go a bit farther and only allow specific users to login via SSH. We can do so with by adding a line like the one below to /etc/ssh/sshd_config:
This will allow only three users to login: firstuser, seconduser, or thirduser. I usually add my AllowUsers directive towards the top of sshd_config.
After modifying /etc/ssh/sshd_config, reload ssh again like so:
digital ocean digitalocean hosting Internet Personal Security ssh
a1b5f63 @ 2024-02-10