In today’s article, I’m going to show you how to disable password login for SSH. Security is important and this can be a step in your securing SSH. After all, without password login enabled, you can’t have someone brute force your password!
And that right there nips in the bud why you’d want to make this change. You want to eliminate an attack vector, so you disable password login for SSH and you rely on SSH keys.
NOTE: I’ve had a number of SSH articles. Feel free to scroll through them, as they cover a number of SSH options. If you don’t know what SSH is, click the links in the above two paragraphs and we’ll be on the same page. In short, it’s a tool to remotely login to systems so that you can manage them without actually being at the computer physically. It’s a widely used tool.
It goes without saying that professional admins tend to do things like secure their SSH logins, and disabling password login for SSH is a good step to take. It’s also a step we laymen can use, ’cause it’s really a very simple operation. So, that’s what this article will be about. It’s an article that tells you how to …
Disable Password Login For SSH:
This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.
Now, you’re going to need to do some file editing. For that, we’re going to use our beloved nano. So, start with this command:
That will open the file with your nano editor, where you’ll look for a line that looks like this:
And you’re going to change the ‘yes’ to no, and remove the # that means ‘ignore this line’, so that it can take effect. When you’re done, the line should look like:
Now, you’ll want to save it. In nano, to save a file, you press CTRL + X, then Y, and then ENTER.
With that done, you need to restart the service. That’s easy enough, you just run the following command:
That will restart the service and use the new settings. So, be sure you have your ducks in a row, ’cause once you restart that service you’re not gonna be able to login with a password again. You’re not going to get a redo, ’cause it restarts the service – meaning it logs you out. So, you should probably be logged in using SSH certificates before making this change. That way, you know it works.
Huh… I am not, in fact, out of ideas for articles. I’m pretty sure I’m going to run out of ideas eventually, but there seems to always be something new to impart. I did notice that I failed to search well and we have two articles about time zones and how to find out which you’re using. Ah well… Nobody else seemed to notice, so I’ve got that going for me.