Disable SSH Password Authentication for added security.
A while ago I wrote a bit about Shared Key Authentication for SSH, and discussed some of the benefits of enabling it on your own servers or even desktops, one of which is protecting your server against brute force attacks. What we never discussed is that, for your system to be truly protected from a brute force attack on your password, you also need to disable password authentication on the server. Before attempting this, make sure that your keys work: if you are configuring the server remotely and you disable password authentication without a working key, you will lock yourself out. Once you are sure that you can log into the remote host using your private key, you can safely disable user name/password authentication.
The procedure to set this up is extremely simple. I’ll be showing it on an Ubuntu Server install with OpenSSH, but the procedure is similar on other setups. On an Ubuntu server the file is located at /etc/ssh/sshd_config. You are going to want to add the following to the config file (or change the values if they already exist):
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Once you save the changes you’ll need to reload the SSH server with the following command.
User@Host:~$ /etc/init.d/ssh reload
That’s it, your server should no longer accept user name/password authentication.
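To check that the edit actually took, here is a small audit script (an added example, not part of the original post) that reads an sshd_config file and reports whether the three directives above are explicitly set to no. It assumes a POSIX sh with awk; the sample config files it writes are constructed for the demo, and directives inside Match blocks are deliberately skipped because they only apply conditionally.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three directives the post sets.
# Assumes POSIX sh + awk. Match blocks are skipped (their settings are conditional);
# for the fully resolved config on a live host, compare with: sshd -T

# Print the effective value of a directive: first uncommented match outside any
# Match block, lower-cased. Prints nothing when the directive is unset.
sshd_directive() {
    # $1 = config file, $2 = directive name (case-insensitive, as sshd treats it)
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }                  # comment line
        tolower($1) == "match" { in_match = 1 }    # everything after Match is conditional
        in_match { next }
        tolower($1) == key && !found { print tolower($2); found = 1 }
    ' "$1"
}

# Return 0 when all three directives are explicitly "no", 1 otherwise; prints findings.
audit_sshd_config() {
    cfg="${1:-/etc/ssh/sshd_config}"
    rc=0
    for directive in PasswordAuthentication ChallengeResponseAuthentication UsePAM; do
        value="$(sshd_directive "$cfg" "$directive")"
        if [ "$value" = "no" ]; then
            echo "OK    $directive no"
        else
            echo "FAIL  $directive ${value:-unset} (expected: no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (not a real server's file) so the audit runs offline.
make_sample_config() {
    # $1 = path to write, $2 = "weak" or "hardened"
    if [ "$2" = hardened ]; then
        printf '%s\n' '# hardened' 'Port 22' 'ChallengeResponseAuthentication no' \
            'PasswordAuthentication no' 'UsePAM no' > "$1"
    else
        # the commented-out line must not count as a setting
        printf '%s\n' 'Port 22' '#PasswordAuthentication no' \
            'PasswordAuthentication yes' 'UsePAM yes' > "$1"
    fi
}

# Demo on the samples; on a real host run: audit_sshd_config /etc/ssh/sshd_config
demo() {
    tmp="$(mktemp)"
    make_sample_config "$tmp" weak;     audit_sshd_config "$tmp" || echo "-> still accepts passwords"
    make_sample_config "$tmp" hardened; audit_sshd_config "$tmp" && echo "-> matches the post"
    rm -f "$tmp"
}
demo
```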
That’s right, never use pw-auth on production servers. And “you will lock yourself out”, thou have been warned but... well, who didn’t do that already
Thanks, just searched for that (again) and your article was exactly what I needed.
~Karsten