n6cloud blog

How to Disable Password Authentication in SSH

In the world of server management, security is paramount. Disabling SSH password authentication is critical to securing your Linux Virtual Private Server (VPS). This method, which relies on passwords for user login, is vulnerable to brute-force attacks—where hackers attempt numerous passwords to gain unauthorized access. Disabling password authentication and relying solely on SSH keys enhances your server’s security, making unauthorized access significantly harder. This article will walk you through the steps to disable SSH password authentication, ensuring your server is safeguarded against common cybersecurity threats.

What is SSH Password Authentication?

SSH, or Secure Shell, is a protocol to connect to remote servers securely. Password authentication within SSH involves users providing a password to log in to the server. While straightforward, this method poses a significant security risk. Passwords, especially those that are weak or have been exposed elsewhere, can be easily compromised. Attackers can use automated tools to perform brute-force attacks, systematically guessing thousands of passwords until they find the right one.

Disabling password authentication means that the server will no longer accept password entries for login, requiring users to authenticate using a more secure method—SSH keys. SSH keys are cryptographic keys that are much more secure than passwords because they generate a private-public key pair. The private key is kept securely on the user’s computer, while the public key is stored on the server. Without the corresponding private key, access to the server is effectively blocked, even if an attacker knows the password.

Preparing to Disable SSH Password Authentication

Before you proceed to disable SSH password authentication, it’s crucial to ensure that you have already set up SSH keys on your server. SSH keys provide a secure method of authentication that replaces the less secure password-based login. If you still need to configure SSH keys or review the setup process, please refer to our detailed guide on setting up SSH keys on your Linux VPS.

Having SSH keys in place is essential because once password authentication is disabled, you’ll rely entirely on these keys to access your server and cannot access the SSH using password authentication. Remember, it’s also wise to back up your SSH configuration before making any changes. This precaution allows you to restore the previous settings if needed, ensuring continuous access to your server during the transition.

Step-by-Step Guide to Disabling SSH Password Authentication

Now that your server has SSH keys, the next crucial step is to enhance its security by disabling SSH password authentication. This guide provides detailed instructions on modifying SSH configurations on Ubuntu and RHEL(CentOS, AlmaLinuxRockeyLinux, CloudLinux) systems, ensuring that your server only allows key-based access.

Step 1: Access Your Server

Ensure you are logged into your server using SSH with your existing SSH key. This verifies that key-based login is functional before making any changes to the authentication settings.

Step 2: Modify the SSH Configuration

1.    Open the SSH configuration file. Use the vi editor to access the sshd_config file, which contains the SSH daemon settings:

sudo vi /etc/ssh/sshd_config

1.    Locate and modify settings. Within the sshd_config file, search for the following lines. Uncomment them by removing the # if necessary, and then set their values to no:

·    Set PasswordAuthentication to no:

PasswordAuthentication no

·    Set ChallengeResponseAuthentication to no:

ChallengeResponseAuthentication no

These modifications ensure that your server no longer accepts password-based logins, significantly increasing its security.

Step 3: Restart SSH Service

To apply the changes, restart the SSH service using the command appropriate for your system:

·    On Ubuntu:

sudo systemctl restart ssh

·    On RHEL:

sudo systemctl restart sshd

This action will make the new settings effective immediately without rebooting the server.

related post: Step-by-Step Guide to Implementing SSH Keys for Linux VPS Security

Verifying That Password Authentication is Disabled

Once you’ve made the necessary changes to your server’s SSH configuration and restarted the SSH service, it’s crucial to confirm that password authentication is disabled.

Testing Method for Linux and macOS Clients:

1.    Open a terminal. Open a terminal window from your Linux or macOS system to initiate an SSH connection.

2.    Attempt to SSH into your server: Use the SSH command without specifying the private key:

ssh username@server-ip

Replace username with your server’s username and server-ip with the server’s IP address. If password authentication is disabled correctly, the server should not prompt you for a password. Instead, it might deny access or only allow login if you explicitly specify the private key using the -i option with the path to your private key.

Testing Method for Windows Clients:

1.    Open PuTTY. Launch the PuTTY application on your Windows machine.

2.    Configure a new session: Enter your server’s IP address in the ‘Host Name’ field, but do not load any private keys in the ‘Auth’ section under ‘SSH’.

3.    Attempt to connect: Click ‘Open’ to initiate the connection. If password authentication has been disabled properly, PuTTY should not prompt you for a password. Instead, you might see a message indicating that the server refused the connection, or it may ask for a username and then fail to connect without the private key.

If, in both tests, the server does not allow a password login and requires the private key for authentication, then you have successfully disabled SSH password authentication. This ensures your server is protected against unauthorized access attempts using just a password.

Conclusion

Disabling SSH password authentication is a significant step towards securing your Linux VPS against unauthorized access. By implementing the steps outlined in this guide, you’ve enhanced your server’s security and deepened your understanding of SSH configurations and their impact on server security.

Remember, maintaining a secure server environment is an ongoing process. It requires regular updates, consistent monitoring, and revisiting security protocols to ensure they align with current best practices. Always be prepared with backups and recovery plans to handle unexpected situations like being locked out.

We encourage you to continue educating yourself on server security and to stay updated with the latest security trends and recommendations. Protecting your server is not just about setting configurations once—it’s about continuously adapting to the evolving landscape of cyber threats.

Thank you for following this guide. May your server management journey be secure and efficient!

Step-by-Step Guide to Implementing SSH Keys for Linux VPS Security PrevStep-by-Step Guide to Implementing SSH Keys for Linux VPS SecurityJuly 6, 2024
How to Fix Not Secure Website WarningJuly 28, 2024 How to Fix Not Secure Website Warning Next

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *