How to Disable SSH Password Login and Enhance Linux Server Security

Do you want to disable password login for SSH and improve your server's security? Password login for SSH carries security risks, and it is recommended to use an SSH key pair instead of password authentication.

Password authentication can fall victim to attacks such as brute force, phishing, and more. Attackers take large lists of commonly used passwords and try to log in with them. With enough computing power, it is possible to crack a weak SSH login password. So if you still use a password for SSH logins, you should disable it today.

In this blog post, I'll show how to disable SSH password login with a step-by-step guide.

Prerequisite

  • You have root access or sudo privilege in your Linux system
  • You have set up SSH key pair for authentication

Ensure that you have already enabled an SSH key pair for authentication. Without a key pair, you won't be able to log in to your Linux system after disabling password authentication. If you haven't set one up, please follow our guide: How to Generate SSH Keys on Linux and Windows: A Step-by-Step Guide

Connect to Your Linux System with a Password

Before proceeding, you need to connect to your Linux server with a password. You can log in to your Linux system through SSH with the following command:

ssh user@public-ip-address
  • Replace user and public-ip-address with your user name and your server's public IP address

You can disable SSH Password login in two ways. One is using the sed command, and the other is manually disabling password login.

Option 1: Quickly Disable SSH Password Login with Sed Command

You can use the sed command to disable SSH password login with the following line in the Linux terminal.

sudo sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g; s/ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/g' /etc/ssh/sshd_config && sudo service ssh restart

This command:

  • Sets PasswordAuthentication to no in the SSH configuration file
  • Sets ChallengeResponseAuthentication to no in the SSH configuration file
  • Restarts the SSH service

You can easily disable password login and restart the ssh service

Option 2: Disable SSH Password Login Manually

Alternatively, you can disable SSH password login manually. Follow these steps if you want more control and want to see each change needed to disable SSH password login.

Step 1: Open the SSH Configuration File

Open the SSH configuration file in your Linux System to disable Password authentication. Use the following command to open the SSH configuration file in the nano text editor.

sudo nano /etc/ssh/sshd_config

Step 2: Edit the SSH Configuration File

To disable SSH password login, you need to edit the configuration file. In the file, locate the line

PasswordAuthentication yes

By default, it is set to yes, which allows you to log in with your password. To disable password authentication, set this line to

PasswordAuthentication no

After disabling the password authentication, find and locate the line

ChallengeResponseAuthentication yes

ChallengeResponseAuthentication is used to add an extra security layer for password authentication. If Challenge Response Authentication is enabled, the server sends a challenge to the client, and the client responds with the correct answer. This option is useful for restricting login attempts by bots.

If you disable SSH password login, you also need to disable Challenge Response Authentication. To disable it, change the line to

ChallengeResponseAuthentication no

After editing the configuration file, save the file and exit the editor. To save and exit the editor, press CTRL + O then CTRL + X.

Step 3: Restart SSH Service

After modifying the SSH configuration file, it’s important to restart the SSH service in order for the changes to take effect. You can restart the SSH service with the following command.

sudo systemctl restart sshd

After restarting the service, you have successfully disabled the SSH password login. Now your Linux server is more secure, and you can use a private key to log in.
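A check that the edit really took effect, as an added example that is not part of the original post: the sed command in Option 1 only rewrites text, so if the file ships with the line commented out (#PasswordAuthentication yes), the setting stays at sshd's default of yes. The function names and the sample file are constructed for illustration, and the defaults are assumed to be those of upstream OpenSSH.

```shell
#!/bin/sh
# Added example (not from the original post). Reports the value sshd would
# apply for a keyword in the global section of an sshd_config-style file.
# Rules modelled, per sshd_config(5): keywords are case-insensitive, '#' lines
# are comments, the first value found wins, an absent keyword keeps its default.

# effective_value FILE "name|alias" DEFAULT
effective_value() {
    awk -v names="$2" -v def="$3" '
        BEGIN { names = "|" tolower(names) "|"; val = def }
        /^[ \t]*(#|$)/ { next }                   # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)        # accept "Keyword=value"
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit               # global section ends here
            if (n >= 2 && index(names, "|" key "|")) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# password_login_disabled FILE: succeeds only if both settings resolve to "no".
password_login_disabled() {
    pw=$(effective_value "$1" "PasswordAuthentication" yes)
    # KbdInteractiveAuthentication is the newer OpenSSH name for the same option.
    kbd=$(effective_value "$1" "ChallengeResponseAuthentication|KbdInteractiveAuthentication" yes)
    echo "PasswordAuthentication=$pw ChallengeResponseAuthentication=$kbd"
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample: the password line is commented out before the edit.
demo() {
    f=$(mktemp)
    # Same substitutions as Option 1, applied to the sample text only.
    printf '%s\n' '#PasswordAuthentication yes' 'ChallengeResponseAuthentication yes' |
        sed 's/PasswordAuthentication yes/PasswordAuthentication no/g; s/ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/g' > "$f"
    rc=0; password_login_disabled "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

demo || echo "password login is still enabled: the edited line was a comment"
```

On a real server, sudo sshd -T prints the configuration sshd actually resolves, including Include files, which this sketch does not follow. Keep your current session open and test a key-based login from a second terminal before logging out.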

Conclusion

Disabling SSH Password login is an important security measure every Linux administrator should consider. Disabling SSH password login enhances your Linux security and stops several attacks.
