Debian/Ubuntu Tips and Tricks

Debuntu

Secure your SSH server with Public/Private key authentication — page 3

Posted by chantra on January 11th, 2007

4. Disabling Authentication by password

To disable password authentication, connect to the remote machine as root (or with sudo) and keep that session open until you have confirmed that key-based login works, otherwise a mistake in the configuration locks you out. Edit /etc/ssh/sshd_config and make sure it contains the following settings:

...
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
...

Two remarks on these lines. First, sshd uses the first occurrence of a directive and ignores later ones, so check that no earlier line (for example the stock "PasswordAuthentication yes") already sets the same option; editing the existing line is safer than appending a new one at the end of the file. Second, "UsePAM no" switches off not only PAM authentication but also PAM account and session processing (account expiry checks, /etc/nologin, resource limits, and so on). If you want to keep those, leave the Debian default "UsePAM yes" in place: with both PasswordAuthentication and ChallengeResponseAuthentication set to no, PAM cannot be used to log in with a password anyway. On OpenSSH 8.7 and later the ChallengeResponseAuthentication directive is called KbdInteractiveAuthentication; the old name is still accepted as an alias.

Validate the file with sshd -t (it prints nothing on success), then reload the SSH server configuration:

# /etc/init.d/ssh reload

(on systemd-based releases the equivalent is a reload of the ssh service through systemctl).

Now, open a new shell and connect to the remote host using your private key:

user@host:~$ ssh remoteuser@remotehost
remoteuser@remotehost:~$

and check that you can no longer connect without a key. The quickest way is to temporarily move your private key out of the way:

$ cd ~/.ssh
$ mv id_rsa id_rsa.bck
$ ssh remoteuser@remotehost
Permission denied (publickey).
$ mv id_rsa.bck id_rsa

If you are rejected with "Permission denied (publickey)." the server is offering only the publickey method and is no longer accepting passwords: online password guessing and brute-force attempts against it can no longer succeed. It does not protect against someone who obtains a copy of a valid private key, which is why the passphrase discussed in the conclusion matters. If you instead get a password prompt, the first matching directive in sshd_config still says yes, or the server was not reloaded.
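The following script is an added example and is not part of the original post; it automates the edit described in this section. It rewrites the directives sshd_config needs, honouring the "first occurrence wins" rule (the first global line is replaced, later global duplicates that would otherwise be shadowed are dropped, and lines inside Match blocks are left untouched), and reads back the effective global value so you can check the result before reloading. The function names, the write_sample_config helper and the sample configuration it creates are constructed for this example; nothing here is from the original article. Run it with "demo" to exercise it on a temporary file rather than on the live /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example for the Debuntu SSH series (not the post's own code).
# Assumes POSIX sh and awk; file/function names are this example's own.

# set_sshd_option FILE KEY VALUE
# Replace the first global KEY line (active or commented out), drop later
# global duplicates, leave Match blocks alone, and insert KEY before the
# first Match block (or append) when there is no global KEY line at all.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp="$file.tmp.$$"
    awk -v key="$key" -v value="$value" '
        BEGIN { lk = tolower(key); found = 0; in_match = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (tolower(line) ~ /^match([ \t]|$)/) {
                # Global section ends here: emit the directive if not yet placed.
                if (!found) { print key " " value; found = 1 }
                in_match = 1
            }
            if (!in_match) {
                stripped = line
                sub(/^#?[ \t]*/, "", stripped)      # "#Key val" counts as an occurrence
                n = split(stripped, f, /[ \t=]+/)
                if (n > 0 && tolower(f[1]) == lk) {
                    if (!found) { print key " " value; found = 1 }
                    next                             # drop duplicates that would be shadowed
                }
            }
            print
        }
        END { if (!found) print key " " value }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# sshd_effective FILE KEY: lower-cased value of the first active global KEY
# line, as sshd itself would resolve it; empty if the directive is absent.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { lk = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (tolower(line) ~ /^match([ \t]|$)/) exit
            if (line ~ /^#/ || line == "") next
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == lk) { print tolower(f[2]); exit }
        }
    ' "$1"
}

# harden_sshd_file FILE: the three settings the article relies on.
harden_sshd_file() {
    set_sshd_option "$1" PubkeyAuthentication yes
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" ChallengeResponseAuthentication no
}

# write_sample_config FILE: constructed sample in the shape of a stock
# Debian sshd_config, including a shadowed duplicate and a Match block.
write_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample for this example, not a real sshd_config
Port 22
#PubkeyAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    write_sample_config "$f"
    echo "before: PasswordAuthentication=$(sshd_effective "$f" PasswordAuthentication)"
    harden_sshd_file "$f"
    echo "after:  PasswordAuthentication=$(sshd_effective "$f" PasswordAuthentication)"
    cat "$f"
    rm -f "$f"
fi
```

The "before" line of the demo prints "yes" even though the sample also contains "PasswordAuthentication no" further down, which is exactly the trap of appending new settings at the end of the file. After hardening the real file, still run sshd -t before the reload, and prefer "sshd -T | grep -i passwordauthentication" over reading the file by eye, since -T prints the configuration as sshd actually resolved it. For the client-side check, "ssh -o PubkeyAuthentication=no remoteuser@remotehost" produces the same "Permission denied (publickey)." result without having to rename your key file.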

5. Conclusion

By authenticating with a public/private key pair and disabling password authentication, you considerably reduce the chance of an attacker gaining access to your remote machine: there is no longer a password for them to guess.

It is wise to protect the key pair with a passphrase when you create it. That way, even if somebody obtains a copy of your private key, they still cannot use it to log in without also knowing the passphrase.
