Applies To: CENTOS DEBIAN UBUNTU

The security benefits of using SSH keys can be maximised by disabling password authentication on the server. Almost all of the simple, automated attacks against SSH are people or bots attempting to guess common username and password combinations. When password authentication is disabled this method of attack is rendered useless. It is, therefore, highly recommended to disable password authentication on the server.

Before you follow the steps below, make sure you have a copy of your server's root password as it will be required to regain access to the server if there are any problems with SSH as a result of this work.

The steps to disable password authentication are as follows:

1: Log on to the server as the "root" user or with a suitable user with "sudo" privileges.

2: Change to the SSH configuration directory;

cd /etc/ssh/
BASH

3: Open sshd_config with your favourite text editor. Here nano is used:

nano sshd_config
BASH

4: Edit the line that reads

#Before edit:
PasswordAuthentication yes

#After edit:
PasswordAuthentication no
BASH

5: Save and Exit

6: Check for any errors in the new configuration with the following command:

sshd -t
BASH

7: Restart SSH if there are no reported errors. On modern distributions this is done with the following command:

systemctl restart sshd.service
BASH

8: Log out and log back in to check that everything is working correctly.

Out of Bands Access

If you are not able to log back into the server Memset provides out-of-band access to all their servers via MemShell to allow you to revert the change. Please refer to the MemShell documentation for more information.

The root password for your server will be required to access the server via MemShell.