I want to disable password access for SSH clients and allow only SSH key authentication. How do I disable password authentication for SSH on Linux operating systems?
First, set up a regular user account. Then configure SSH keys for login. Once you have configured SSH keys, disable password login for all users, including root. This guide shows:
How to create an SSH key and disable password authentication on a Linux or Unix-based system
For demonstration purposes I use Ubuntu Linux.
Step 1 – Log in to a remote server
Use the ssh command or a client such as PuTTY:
Step 2 – Create a new user account
Enter the following command on the Linux-based system to create a new user named vivek:
# useradd -m -s /bin/bash vivek
Set the user's password:
# passwd vivek
Sample output:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Add the user to the supplementary sudo group (Ubuntu/Debian) or wheel group (RHEL/CentOS):
# usermod -aG sudo vivek
OR for RHEL/CentOS Linux:
# usermod -aG wheel vivek
The above command allows members of the wheel or sudo group to run all commands. Verify it:
# su - vivek
$ id vivek
Sample output:
uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),27(sudo)
Exit the login shell:
$ logout
Step 3 – Install SSH keys on the remote machine
All of the following commands must be run on your local desktop/macOS/FreeBSD workstation. Create the key pair:
$ ssh-keygen -t rsa
Install the public key on the remote server:
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub [email protected]
Sample output:
/usr/local/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/vivek/.ssh/id_rsa.pub"
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Test SSH key-based login:
Sample output:
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.8.6-x86_64-linode78 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://www.ubuntu.com/support/plans-and-pricing
To run a command as administrator (user "root"), use "sudo".
See "man sudo_root" for details.
vivek@ubuntu:~$
To run a command as administrator (user "root"), use "sudo {command}". For example:
$ sudo ls /root/
To get a root shell, enter:
$ sudo -s
Step 4 – Disable root login and password-based login
Edit the /etc/ssh/sshd_config file; enter:
$ sudo vi /etc/ssh/sshd_config
Find ChallengeResponseAuthentication and set it to no:
ChallengeResponseAuthentication no
Find PasswordAuthentication and set it to no:
PasswordAuthentication no
Find UsePAM and set it to no:
UsePAM no
Find PermitRootLogin and set it to no:
PermitRootLogin no
Save the changes and close the file. Reload the SSH server:
# /etc/init.d/ssh reload
or
$ sudo systemctl reload ssh
or use the following on RHEL/CentOS Linux:
# /etc/init.d/sshd reload
Step 5 – Verify
Try logging in as the root user:
Try to log in with a password only:
And that's it. Password authentication for SSH is now disabled, including for the root user. Your server will now accept only key-based logins, and the root user will not be able to log in with a password.
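A check worth running after the Step 4 edit and before the reload, given here as an added example that is not part of the original guide: sshd uses the first value it reads for each keyword, so an earlier "PasswordAuthentication yes" defeats a "no" added further down the file. The function names and the sample file are constructed for illustration, and Include files and Match blocks are not followed.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the Step 4 settings.
# sshd keeps the FIRST value it reads for each keyword (keywords are
# case-insensitive), so an earlier "yes" overrides a "no" added later.
# Simplification: Include files and Match blocks are not followed.

# effective_value FILE KEYWORD: print the first value set for KEYWORD
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }    # global section ends here
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # sshd accepts both "Keyword value" and "Keyword=value"
            n = split(line, parts, /[ \t=]+/)
            if (n >= 2 && tolower(parts[1]) == tolower(want)) {
                print tolower(parts[2]); exit
            }
        }' "$1"
}

# audit_sshd_config FILE: return 0 only if all four directives are "no"
audit_sshd_config() {
    rc=0
    for key in ChallengeResponseAuthentication PasswordAuthentication \
               UsePAM PermitRootLogin; do
        val=$(effective_value "$1" "$key")
        if [ "$val" = "no" ]; then
            echo "ok    $key no"
        else
            echo "FAIL  $key ${val:-unset}"
            rc=1
        fi
    done
    return $rc
}

# write_sample FILE: constructed config where an early "yes" wins
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real server
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
PermitRootLogin no
PasswordAuthentication no
EOF
}
```

On the server itself, "sudo sshd -t" validates the file before you reload and "sudo sshd -T" prints the effective settings with Include files applied. Keep your current session open until a key-based login works from a second terminal.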