Make bruteforce attempts almost impossible
I always disable SSH password logins when setting up a new server, allowing authentication via private key only. It’s a good way to secure SSH all-around.
Disabling password logins in Ubuntu is extremely easy.
Open /etc/ssh/sshd_config with nano or vi. You’ll want to change options for 3 different directives, ChallengeResponseAuthentication, PasswordAuthentication, and UsePAM.
Find those directives in /etc/ssh/sshd_config and set them to the following:
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no
Save sshd_config, and reload ssh:
sudo service ssh reload
That’s it, now you won’t be able to SSH to your server and login with a password, and neither will anyone else.
Of course, you’ll want to enable private key authentication, first. If you don’t, you’ll lock yourself out of your server.
DigitalOcean has a good article on how to do this.
Loading ...Let’s go a bit farther and only allow specific users to login via SSH. We can do so with by adding a line like the one below to /etc/ssh/sshd_config:
AllowUsers firstuser seconduser thirduser
This will allow only three users to login: firstuser, seconduser, or thirduser. I usually add my AllowUsers directive towards the top of sshd_config.
After modifying /etc/ssh/sshd_config, reload ssh again like so:
sudo service ssh reload
Well, now what?
Work with Me
I'm available for hire and always taking new clients, big and small. Got a project or an idea you'd like to discuss? Startup plan but no developer to make it happen? Just get in touch, I'd love to see if I can help you out!
Longren.io is proudly hosted by DigitalOcean
Leave some Feedback
Got a question or some updated information releavant to this post? Please, leave a comment! The comments are a great way to get help, I read them all and reply to nearly every comment. Let's talk.
:)