Secure your SSH server with Public/Private key authentification — page 3

1 minute read

4. Disabling Authentication by password

In order to disable authentication by password, we need to connect as root on the remote machine. On connected, go and edit /etc/ssh/sshd_config and make sure you have the following setting:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

and reload SSH configuration file:

/etc/init.d/ssh reload

Now, open a new shell and connect the remote host using your private key:

user@host:~$ ssh remoteuser@remotehost

and check that you can’t connect without a key anymore:

$ cd ~/.ssh
$ mv id_rsa id_rsa.bck
$ ssh remoteuser@remotehost
Permission denied (publickey).
$ mv id_rsa.bck id_rsa

If you get rejected with Permission denied (publickey). it means it is all good and your ssh server is protected against brute-force attacks.

5. Conclusion

By authenticating yourself using a public/private key pair and by disabling authentication by password you will considerably reduce the chance an attacker gain access to your remote machine.

It is wise to provide a passphrase when creating your key pair, this way, even if somebody get a copy of your private key, you will reduce the risk of having him gaining access to your remote machine.