4. Disabling Authentication by password
To disable password authentication, connect to the remote machine as root. Once connected, edit
/etc/ssh/sshd_config and make sure it contains the following settings:
    ...
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    UsePAM no
    ...
and reload the SSH server configuration:
Now open a new shell and connect to the remote host using your private key:
    user@host:~$ ssh remoteuser@remotehost
    remoteuser@remotehost:~$
and check that you can no longer connect without a key:
    $ cd ~/.ssh
    $ mv id_rsa id_rsa.bck
    $ ssh remoteuser@remotehost
    Permission denied (publickey).
    $ mv id_rsa.bck id_rsa
If the connection is refused with "Permission denied (publickey)." then everything is in order: your SSH server no longer accepts passwords, so it is protected against brute-force password attacks.
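The check the tutorial does by hand, as an added shell example that is not part of the original post: it reads an sshd_config the way sshd does (case-insensitive keywords, first value wins, Match blocks are conditional) and reports whether all three password-related settings are off. The function names and the sample config are my own constructions.

```shell
#!/bin/sh
# Added example, not code from the original tutorial. Reads an sshd_config the
# way sshd does and reports whether password logins are really switched off.
# Assumes POSIX sh with awk; the sample config below is constructed.

# Print the global value of keyword $2 in file $1. Rules mirrored from sshd:
# keywords are case-insensitive, "Key value" and "Key=value" are both valid,
# comments and blank lines are skipped, the FIRST occurrence of a keyword
# wins, and everything after a "Match" line is conditional, so it is ignored
# here (run `sshd -T` on the server for the truly effective values).
sshd_config_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^(#|$)/ { next }
        tolower($1) == "match" { in_match = 1 }
        in_match { next }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Succeed (exit 0) only when the three settings the tutorial requires all
# resolve to "no"; otherwise name the offending keyword on stderr.
password_login_disabled() {
    for kw in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        v=$(sshd_config_value "$1" "$kw")
        if [ "$v" != "no" ]; then
            echo "$kw is '${v:-unset}', expected 'no'" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample config containing the traps a naive grep falls into.
write_sample_config() {
    cat > "$1" <<'EOF'
# PasswordAuthentication yes   (commented out: must be ignored)
Port 22
passwordauthentication no
ChallengeResponseAuthentication=no
UsePAM no
# later duplicate: sshd keeps the first value it read, so this is inert
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

# Stand-alone demo: audit the sample file, then clean up.
f=$(mktemp) && write_sample_config "$f" && password_login_disabled "$f" \
    && echo "password logins disabled in $f"; rm -f "$f"
```

On the server, `sshd -T` (run as root) prints the values sshd actually applies, Match overrides included, and from a client `ssh -o PubkeyAuthentication=no -o BatchMode=yes remoteuser@remotehost` must fail with "Permission denied (publickey)." once the change is live. Keep the root session you edited the file from open until that check and a fresh key-based login both succeed, so a typo cannot lock you out.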
By authenticating with a public/private key pair and disabling password authentication, you considerably reduce the chance that an attacker gains access to your remote machine.
It is wise to protect your key pair with a passphrase when you create it; that way, even if somebody gets a copy of your private key, the risk of them gaining access to your remote machine is reduced.