How To Disable Password Authentication For SSH in Ubuntu?

Published September 3, 2024

Problem: Disabling SSH Password Authentication

SSH password authentication can be a security risk, as it's open to brute-force attacks. Disabling this feature in Ubuntu can improve system security by requiring more secure authentication methods, such as SSH keys.

Steps to Disable Password Authentication

Modifying the SSH Configuration File

To disable password authentication for SSH in Ubuntu, you need to change the SSH configuration file. The file is usually at /etc/ssh/sshd_config. You can open this file using a text editor with root privileges:

sudo nano /etc/ssh/sshd_config

In the file, find the line that begins with PasswordAuthentication. If it starts with a #, remove the # to uncomment it, then set its value to no:

PasswordAuthentication no

Also, make sure these lines are set:

ChallengeResponseAuthentication no
UsePAM no

These settings will turn off password-based authentication methods.

Tip: Backup Your Configuration

Before making changes to the SSH configuration file, it's a good practice to create a backup. You can do this with the following command:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

This allows you to revert changes if needed.

Applying the Changes

After changing the configuration file, apply the changes by restarting the SSH service with the following command:

sudo systemctl restart ssh

To check that the changes have worked, try to connect to your server using a password. If the configuration is correct, the server should not allow password-based login attempts.

You can also dump the SSH server's effective configuration to confirm the changes. Run this command:

sudo sshd -T | grep -i password

This prints the password-related settings sshd is actually using, which should include passwordauthentication no.
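The edit, backup, restart and verify steps above as one script, added here as an example and not part of the original article. It assumes POSIX sh with awk and mktemp, only touches /etc/ssh/sshd_config when run as root with APPLY=1 (otherwise it just defines the functions), and the file name harden-sshd.sh is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original article: apply the article's three sshd_config
# directives idempotently and check what sshd will actually use. Assumes POSIX sh with
# awk and mktemp; the real run needs root. Set APPLY=1 to touch /etc/ssh/sshd_config.
set -eu

# set_sshd_option FILE KEY VALUE
# Rewrites the first line that mentions KEY, commented out or not, to "KEY VALUE" (the
# "uncomment it and set it to no" step); appends the directive if the file lacks it.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp)
    awk -v key="$key" -v value="$value" '
        { line = $0; sub(/^[ \t]*#?/, "", line); split(line, f)
          if (!done && tolower(f[1]) == tolower(key)) { print key " " value; done = 1; next }
          print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"   # overwrite in place so FILE keeps its owner and mode (root, 0644)
    rm -f "$tmp"
}

# first_value FILE KEY: first uncommented value of KEY. sshd keeps the first value it
# reads, so a drop-in under /etc/ssh/sshd_config.d/ (Included at the top of Ubuntu's
# sshd_config) can quietly override the main file; "sshd -T" is the authoritative check.
first_value() {
    awk -v key="$2" '/^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# harden FILE: the three directives from the article.
harden() {
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" ChallengeResponseAuthentication no
    set_sshd_option "$1" UsePAM no
}

# Real run, as root: APPLY=1 sh harden-sshd.sh
# Keep your current SSH session open and test a fresh login before closing it.
if [ "${APPLY:-0}" = 1 ]; then
    cfg=/etc/ssh/sshd_config
    cp -p "$cfg" "$cfg.backup.$(date +%Y%m%d%H%M%S)"   # cp -p keeps mode and timestamps
    harden "$cfg"
    sshd -t                          # syntax check; abort (set -e) before restarting
    systemctl restart ssh
    sshd -T | grep -Ei '^(password|challengeresponse|kbdinteractive)authentication|^usepam'
fi
```

Run the functions against a copy of the file first if you want to see the rewrite before it touches the live configuration.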

Alternative Authentication Methods

Public Key Authentication

Public key authentication is a secure method for SSH access that uses a pair of cryptographic keys instead of a password. This system uses a public key you share with the server and a private key that stays on your local machine. The client proves it holds the private key by signing a challenge that the server verifies with the public key, so access is granted without ever sending a password.

Public key authentication has these advantages over password authentication:

  • Better security: It's harder for attackers to guess or brute-force a cryptographic key than a password.
  • Easy to use: Once set up, you can log in without typing a password each time.
  • Useful for automation: Public keys work well for automated scripts and services that need secure access.
  • Better control: You can add or remove access by managing the authorized keys on the server.

Tip: Protect Your Private Key

Always keep your private key secure. Store it in a protected location on your local machine, and never share it with anyone. Consider encrypting your private key with a strong passphrase for an extra layer of security.

Setting Up Public Key Authentication

To set up public key authentication, follow these steps:

  1. Generate SSH keys: On your local machine, use the ssh-keygen command to create a key pair:

    ssh-keygen -t rsa -b 4096

    This creates a 4096-bit RSA key pair. The command will ask where to save the keys and if you want to use a passphrase.

  2. Add your public key to the authorized_keys file: Copy your public key to the server using the ssh-copy-id command:

    ssh-copy-id username@server_ip

    This adds your public key to the ~/.ssh/authorized_keys file on the server.

    If ssh-copy-id is not available, you can add the key manually:

    cat ~/.ssh/id_rsa.pub | ssh username@server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

After setting up public key authentication, you can log in to your server without a password. Keep your private key safe and consider using a passphrase for extra protection.