Posted by chantra on January 11th, 2007
- Secure your SSH server with Public/Private key authentification
- Secure your SSH server with Public/Private key authentification — page 2
- Secure your SSH server with Public/Private key authentification — page 3
4. Disabling Authentication by password
In order to disable authentication by password, we need to connect as root on the remote machine. On connected, go and edit /etc/ssh/sshd_config and make sure you have the following setting:
and reload SSH configuration file:
# /etc/init.d/ssh reload
Now, open a new shell and connect the remote host using your private key:
user@host:~$ ssh remoteuser@remotehost
and check that you can't connect without a key anymore:
$ cd ~/.ssh
$ mv id_rsa id_rsa.bck
$ ssh remoteuser@remotehost
Permission denied (publickey).
$ mv id_rsa.bck id_rsa
If you get rejected with Permission denied (publickey). it means it is all good and your ssh server is protected against brute-force attacks.
By authenticating yourself using a public/private key pair and by disabling authentication by password you will considerably reduce the chance an attacker gain access to your remote machine.
It is wise to provide a passphrase when creating your key pair, this way, even if somebody get a copy of your private key, you will reduce the risk of having him gaining access to your remote machine.