Secure Shell (SSH) is a protocol that provides a secure method to remotely access a server. By default, SSH on Ubuntu 22.04 allows password-based authentication. However, this can be a security risk as it opens the door to brute-force attacks. A more secure method is to use SSH key-based authentication. In this article, we will guide you through the process of disabling password authentication for SSH on Ubuntu 22.04.
To disable password authentication for SSH on Ubuntu 22.04, you need to modify the SSH server configuration file (sshd_config). Locate the PasswordAuthentication line and set its value to no. Optionally, you can also set ChallengeResponseAuthentication to no to disable challenge-response authentication. Save the changes and restart the SSH service. After following these steps, only users with a valid SSH key will be able to authenticate.
Prerequisites
Before proceeding, ensure that:
- You have SSH installed and running on your Ubuntu 22.04 server.
- You have root or sudo access to the server.
- You have set up SSH key-based authentication.
Step 1: Accessing the SSH Configuration File
The SSH server configuration file, sshd_config, is where we make changes to disable password authentication. Open this file using a text editor with root privileges. We’ll use nano in this example:
sudo nano /etc/ssh/sshd_config
sudo is used to run the command with root privileges. nano is a simple, user-friendly text editor, and /etc/ssh/sshd_config is the path to the SSH server configuration file.
Step 2: Modifying the Configuration File
In the opened file, locate the line that reads PasswordAuthentication. This line might be commented out with a # at the beginning. If so, uncomment it by removing the #.
Set the value of PasswordAuthentication to no:
PasswordAuthentication no
This line tells the SSH server to not allow password authentication.
Optionally, you can also disable challenge-response authentication by setting ChallengeResponseAuthentication to no:
ChallengeResponseAuthentication no
This line tells the SSH server to not allow challenge-response authentication, a method that prompts users for their password.
After making these changes, save and exit the text editor. In nano, you can do this by pressing Ctrl + X, then Y to confirm saving changes, and finally Enter to confirm the file name.
Step 3: Restarting the SSH Service
For the changes to take effect, you need to restart the SSH service. Depending on your system, you can use one of the following commands:
sudo service ssh restart
or
sudo systemctl restart ssh
The sudo command runs the following command with root privileges. service and systemctl are system commands used to start, stop, and manage services. ssh is the service we want to manage, and restart is the action we want to perform.
Conclusion
After following these steps, SSH password authentication should be disabled on your Ubuntu 22.04 server. Now, only users with a valid SSH key will be able to authenticate.
Please ensure you have a working SSH key configured before disabling password authentication. If you are still able to log in with a password after following these steps, there may be additional configurations or settings specific to your VPS provider. In such cases, it is recommended to reach out to your VPS provider’s support for further assistance.
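If password logins still work after the edit, a common cause is a drop-in file under /etc/ssh/sshd_config.d/ that sets PasswordAuthentication before the line you changed. The following added example (not part of the original article) traces which file decides the setting; the helper name first_setting and the sample file names are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original article). sshd keeps the FIRST value it
# reads for a keyword and expands Include lines in place, so a drop-in pulled in
# at the top of sshd_config wins over an edit made further down the file.

# first_setting KEYWORD CONFIG [BASEDIR]  (hypothetical helper)
# Prints "file:value" for the first global occurrence of KEYWORD, following
# Include directives. Simplified: stops at the first Match block, no quoting.
first_setting() (
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    file=$2
    base=${3:-$(dirname "$file")}          # relative Includes resolve from here
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                   # drop comments
        set -f; set -- $line; set +f       # split into words without globbing
        [ $# -gt 0 ] || continue
        kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
        case $kw in
            match) return 1 ;;             # conditional blocks are out of scope
            "$key")
                printf '%s:%s\n' "$file" "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
                return 0 ;;
            include)
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$base/$pat ;; esac
                    for inc in $pat; do    # glob expands in lexical order
                        [ -f "$inc" ] || continue
                        first_setting "$key" "$inc" "$base" && return 0
                    done
                done ;;
        esac
    done <"$file"
    return 1
)

# Constructed sample tree: the main file says "no", a drop-in says "yes".
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' >"$demo/sshd_config"
printf 'PasswordAuthentication yes\n' >"$demo/sshd_config.d/50-example.conf"
first_setting PasswordAuthentication "$demo/sshd_config"   # the drop-in wins

# On the real server, validate before restarting and read the effective value:
#   sudo sshd -t && sudo sshd -T | grep -i '^passwordauthentication'
```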
For more information on SSH and Ubuntu, you can visit the official Ubuntu documentation and the OpenSSH manual page.
Remember, security is an ongoing process and it’s always a good idea to regularly review and update your security practices.
No, once you have disabled password authentication for SSH, you will only be able to authenticate using SSH keys. Password authentication will no longer be accepted.
To set up SSH key-based authentication, you need to generate an SSH key pair on your local machine and then copy the public key to the server. You can follow our guide on how to set up SSH key-based authentication on Ubuntu 22.04 for detailed instructions.
Yes, you have the option to disable challenge-response authentication by setting ChallengeResponseAuthentication to no in the SSH server configuration file. This method prompts users for their password. Disabling it as well is recommended for enhanced security.
You can access the SSH server configuration file, sshd_config, by opening it with a text editor that has root privileges. In our example, we used nano to open the file with the command sudo nano /etc/ssh/sshd_config.
Yes, you need root or sudo access to modify the SSH server configuration file and restart the SSH service. Without sufficient privileges, you won’t be able to make the necessary changes to disable password authentication.
To restart the SSH service, you can use either the command sudo service ssh restart or sudo systemctl restart ssh, depending on your system. Both commands will restart the SSH service and apply the changes made to the configuration file.