"Great things never came from comfort zones." - Tony Luziaya
Managing users is never an easy task. In a weird way, technology is meant for humans and not the other way around. A systems administrator is nothing without the users. Say "hi" to your users; they are a necessity.
Oftentimes as system administrators, we need to harden our login protocols, even when we use SSH. One of the most basic things to do is disable password-based SSH login. It definitely sounds like a no-brainer, but why?
You should be aware that you can use SSH with the root or another account's password to log in remotely to a Linux server. When a bot does this with a long list of passwords, the result is a brute-force attack.
What do we say to hackers? Not today.
The process of disabling password-based SSH login is straightforward, requiring just three steps.
Step 1: Checking for Failed Login Attempts
Before making any changes, it is good practice to check for any failed login attempts on the server. This provides a baseline of security activity. The lastb command is used to view a log of all failed login attempts. Combining it with tail shows the most recent entries.
sudo lastb | tail
For more targeted investigation, the command can be extended with --since YYYY-MM-DD and --until YYYY-MM-DD to specify a timeframe. This is useful for incident response and security analysis.
Step 2: Editing the SSH Configuration File
The primary configuration file for the OpenSSH server (sshd) is located at /etc/ssh/sshd_config. This file dictates all the rules for SSH access. To disable password authentication, this file must be modified.
I used vi with sudo privileges to edit the file.
sudo vi /etc/ssh/sshd_config
Within the file, I located the line PasswordAuthentication yes and changed the value to no.
A critical step before applying any changes is to test the configuration file's syntax to prevent being locked out of the server. The sshd -t command performs this check without restarting the service.
sudo sshd -t
This command ensures the configuration is valid and free of errors.
Step 3: Restarting the SSH Service
To apply the changes made to the sshd_config file, the SSH service must be restarted. On Linux systems that use systemd, this is accomplished with the systemctl command.
sudo systemctl restart sshd
After restarting the service, I logged out of the server and attempted to reconnect using a password. The connection was successfully denied with a "Permission denied" error, confirming that the change was effective on all three servers I was managing.
This task served as a practical demonstration of how to secure a server by disabling a less-secure authentication method and emphasized the importance of verifying configuration changes to avoid service disruptions.
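The syntax test in Step 2 passes even when the edit has no effect: sshd uses the first value it obtains for a keyword, so an earlier PasswordAuthentication yes wins over a no added further down, and a Match block can turn passwords back on for some connections. The script below is an added example, not part of the original post; the function names and the sample file are constructed for illustration, it goes slightly beyond the post by also looking at Match blocks, and it assumes Include directives are not followed.

```shell
#!/bin/sh
# Added example: which PasswordAuthentication value does one sshd_config file yield?
# Assumption: Include directives are not followed; check each included file as well.

# effective_password_auth FILE -> prints "global=<value> match_override=<yes|none>"
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        {
            sub(/[=]/, " ")                       # tolerate "Keyword=value"
            key = tolower($1); val = tolower($2)  # keywords are case-insensitive
            if (key == "match") { in_match = 1; next }
            if (key != "passwordauthentication") next
            if (in_match) {
                # A Match block can re-enable passwords for some users or hosts.
                if (val == "yes") override = "yes"
            } else if (global == "") {
                global = val                      # first value obtained wins
            }
        }
        END {
            if (global == "") global = "yes"      # OpenSSH default when unset
            if (override == "") override = "none"
            printf "global=%s match_override=%s\n", global, override
        }
    ' "$1"
}

# Constructed sample (not from a real host): the "no" sits below an earlier "yes".
sample_conf() {
    cat <<'EOF'
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
# edit appended lower in the file
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
effective_password_auth "$tmp"
rm -f "$tmp"
```

On a live host, sudo sshd -T | grep -i passwordauthentication prints the value sshd actually applies after all included files are read.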