Secure SSH By Disabling Password Logins

Make brute-force attempts almost impossible

I always disable SSH password logins when setting up a new server, allowing authentication via private key only. It’s a good way to secure SSH all-around.

Disabling password logins in Ubuntu is extremely easy.

Open /etc/ssh/sshd_config with nano or vi. You’ll want to change options for 3 different directives, ChallengeResponseAuthentication, PasswordAuthentication, and UsePAM.

Find those directives in /etc/ssh/sshd_config and set them to the following:

Save sshd_config, and reload ssh:

That’s it. Now you won’t be able to SSH to your server and log in with a password, and neither will anyone else.

Of course, you’ll want to enable private key authentication first. If you don’t, you’ll lock yourself out of your server.

DigitalOcean has a good article on how to do this.

Let’s go a bit further and only allow specific users to log in via SSH. We can do so by adding a line like the one below to /etc/ssh/sshd_config:

This will allow only three users to log in: firstuser, seconduser, or thirduser. I usually add my AllowUsers directive towards the top of sshd_config.
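A pre-reload check for the settings described above, as an added example that is not code from the original post: it audits a config file for the three directives and an AllowUsers line, using sshd's rule that the first value read for a keyword is the one that applies. It assumes the intended value for all three directives is `no`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file
# before reloading sshd. Assumes the intended value for all three
# directives is "no"; the post's own snippet is missing from the page.

# Print the first value given for keyword $2 in file $1 (nothing if unset).
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively, so a later "no" does not override an earlier "yes".
first_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ { next }                 # skip comment lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if every directive is explicitly "no" and AllowUsers is set.
audit_sshd_config() {
    rc=0
    for key in ChallengeResponseAuthentication PasswordAuthentication UsePAM; do
        val=$(first_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "ok:   $key no"
        else
            echo "FAIL: $key is '${val:-unset}', expected 'no'"
            rc=1
        fi
    done
    val=$(first_value "$1" AllowUsers)
    if [ -n "$val" ]; then
        echo "ok:   AllowUsers $val"
    else
        echo "FAIL: AllowUsers is not set"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the early "yes" wins over the later "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
AllowUsers firstuser seconduser thirduser
passwordauthentication yes
ChallengeResponseAuthentication no
UsePAM no
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "=> fix the file before reloading sshd"
rm -f "$sample"
```

The check reads a single file and fails closed on anything it does not recognise as an explicit `no`. On the server itself, `sshd -t` validates the syntax and `sshd -T` prints the effective configuration, including any included files.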

After modifying /etc/ssh/sshd_config, reload ssh again like so:
