Disabled Password-Based Authentication
Password authentication can be a security risk: there are an unlimited number of bots trying to brute-force SSH every second on the open internet. While changing the default SSH port can reduce the number of non-targeted attacks, it does nothing against targeted attacks, so it is always highly recommended to disable password authentication.
Backup SSH configuration file
Before making any changes, it is a good practice to backup the SSH configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Open SSH configuration file
To disable password authentication, you need to edit the SSH daemon configuration file:
sudo nano /etc/ssh/sshd_config
sudo vim /etc/ssh/sshd_config
Find and update the following lines
Find the following lines and change them to look like this; if a line does not exist, you can add it:
PasswordAuthentication no
PermitRootLogin prohibit-password
# optional if you are not planning to use 2fa
KbdInteractiveAuthentication no
# optional if you are not using password or 2fa authentication
UsePAM no
Save the file and exit the editor.
Test the configuration
Test your configuration before restarting the SSH service:
sudo sshd -t
Restart SSH service
If there are no errors, restart the SSH service.
sudo systemctl restart ssh
sudo systemctl restart sshd
Validate the changes
Before closing your current SSH session, open a new terminal/cmd/PowerShell window and try to connect to your server:
ssh your-user@your-server-ip
If you can connect successfully, then the changes are applied correctly.
Restore SSH configuration (if needed)
If for any reason when validating the changes you encounter issues, you can restore the previous configuration using the backup file we created at the beginning of this guide:
sudo mv /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
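The whole procedure above (backup, edit the three non-optional lines, syntax-check with sshd -t, restore the backup on failure) collected into one idempotent POSIX shell script. This is an added example, not code from the original guide: the function names set_sshd_option, get_sshd_option, harden_sshd_config and check_or_restore are my own, it assumes awk and mktemp are available, and it assumes sshd -t is run as root (it needs to read the host keys). UsePAM is deliberately not touched because the guide marks it optional. Run with no arguments for a demo on a constructed sample file; run as root with --apply to edit the real /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not part of the original guide: apply the guide's settings
# to an sshd_config file, keeping a backup, in an idempotent way.
set -eu

# Replace every "Key ..." line (active, or a commented-out "#Key value"
# template) with "Key Value", or append it when the key is absent.
# sshd keywords are case-insensitive and accept "Key=Value", so both forms match.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp="${file}.tmp.$$"
    awk -v key="$key" -v value="$value" '
        BEGIN { lk = tolower(key); done = 0 }
        {
            line = $0
            commented = sub(/^[ \t]*#[ \t]*/, "", line)  # 1 when a "#" was stripped
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t=]+/)
            # an active directive, or a commented-out two-token "#Key value" line
            if (tolower(f[1]) == lk && (!commented || n == 2)) {
                if (!done) { print key " " value; done = 1 }
                next    # drop duplicates so exactly one copy survives
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Print the value sshd would actually use: the first active occurrence wins.
get_sshd_option() {
    awk -v key="$2" '
        BEGIN { lk = tolower(key) }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (line ~ /^(#|$)/) next
            split(line, f, /[ \t=]+/)
            if (tolower(f[1]) == lk) { print f[2]; exit }
        }
    ' "$1"
}

# Back up FILE (as the guide does), then set the three non-optional lines.
# UsePAM is left alone: the guide marks it optional.
harden_sshd_config() {
    file=$1
    cp "$file" "${file}.bak"
    set_sshd_option "$file" PasswordAuthentication no
    set_sshd_option "$file" PermitRootLogin prohibit-password
    set_sshd_option "$file" KbdInteractiveAuthentication no
}

# Syntax-check with sshd -t (run as root so host keys are readable);
# on failure put the backup back, which is the guide's restore step.
check_or_restore() {
    file=$1
    if sshd -t -f "$file"; then
        return 0
    fi
    echo "sshd -t rejected $file, restoring backup" >&2
    mv "${file}.bak" "$file"
    return 1
}

# Stand-alone demo on a constructed sample config; no system files are touched.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# Constructed sample sshd_config for the demo
#PasswordAuthentication yes
PermitRootLogin yes
KbdInteractiveAuthentication = yes
UsePAM yes
EOF
    harden_sshd_config "$sample"
    cat "$sample"
    rm -f "$sample" "${sample}.bak"
}

case "${1:-}" in
    --apply) harden_sshd_config /etc/ssh/sshd_config && check_or_restore /etc/ssh/sshd_config ;;
    "") demo ;;
esac
```

After --apply, still validate from a second terminal as the guide says: sshd -t only proves the file parses, not that your key-based login works.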
