It is a very good security practice to completely disable password authentication on your Linux server and use public key authentication instead.
To do that, you need to create your own public/private key pair and put the public key in ~/.ssh/authorized_keys:

    mkdir -p ~/.ssh
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHV80zPWjPAwKo8Be0k1ypBRMdYDC0H2eQchu3MFsEp8av2F/18GNuHsbyMWp0p1uovP5LGZ/oPZ1ISJxLxxOBiqv0fOyb8uTDYWUUITgGvq9Fppj3BNYTjnLCUAVMKdP3VJ7IPk69ygYR1nhAXiv3dSfeG74f2eo3ZYhrylsVS2G84DUh47FuEFOsfn5s2wXVjwAgqdKBhiVQZWrptf6TEK3fZTVg4rCiRJ+YiIwTZr/CfFHbdqOiwDlGR5fWo0PHHq31lrQXzkASfi3C+ahQFnHsy4+8LdCq+TjzC3J6PbuXP1wpLdm1iP35f61hU1wX2hwhyxdvE+SBXT/PpSVB' >> ~/.ssh/authorized_keys

DISCLAIMER: The above key is my public key. If you put it on your server, I will be able to log in to your server, so replace it with your own public key.
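Now add/change the following config at the BEGINNING of /etc/ssh/sshd_config (sshd uses the first value it finds for each keyword, so lines placed earlier in the file take precedence over later ones):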

    ChallengeResponseAuthentication no
    PasswordAuthentication no
    UsePAM no
    PubkeyAuthentication yes

and restart the SSH service:

    service ssh restart

To check that only public key authentication is available, run the following command on the server:

    ssh -o PreferredAuthentications=none -o NoHostAuthenticationForLocalhost=yes localhost -p 22

You should get this error:

    Permission denied (publickey).

The list in parentheses shows the authentication methods the server still offers, so it should contain only publickey.

Note: Before closing your current SSH session, I highly recommend that you test that you can actually log in to your server with the new method; otherwise you may be locked out of your server.
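
Why the settings go at the beginning of sshd_config: sshd keeps the first value it obtains for each keyword, so hardening lines appended after an existing `PasswordAuthentication yes` have no effect. The shell script below is an added example, not part of the original post; it audits a config file using that first-match rule. The function names and the two sample files are constructed for illustration, and `Include` files and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post). Simplification: Include files
# and Match blocks are not evaluated; only the global section is read.

# Print the effective value of keyword $2 in sshd_config-style file $1.
# sshd keeps the FIRST value it obtains for a keyword; later ones are ignored.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }  # tolerate Keyword=value
        key == "match" { exit }                       # global section ends here
        key == want { print tolower($2); exit }       # first occurrence wins
    ' "$1"
}

# Return 0 only if all four settings from the article are effective in $1.
audit_sshd_config() {
    rc=0
    for pair in challengeresponseauthentication:no passwordauthentication:no \
                usepam:no pubkeyauthentication:yes; do
        key=${pair%%:*}
        expected=${pair#*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', effective '${actual:-unset}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files: the same hardening lines placed after, then
# before, a pre-existing "PasswordAuthentication yes".
demo() {
    dir=$(mktemp -d)
    hardening='ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PubkeyAuthentication yes'
    printf '%s\n%s\n' 'PasswordAuthentication yes' "$hardening" > "$dir/appended"
    printf '%s\n%s\n' "$hardening" 'PasswordAuthentication yes' > "$dir/prepended"
    for f in appended prepended; do
        if audit_sshd_config "$dir/$f"; then echo "$f: OK"; else echo "$f: NOT hardened"; fi
    done
    rm -rf "$dir"
}
demo
```

On a real server, running `sshd -T` as root prints the effective configuration as sshd itself resolves it, which is the authoritative check.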