How to disable password authentication on SSH server

Endrit Qerreti

Logging in with a password is still one of the most common ways to authenticate to SSH.

However, this doesn't mean that it is the safest way to log in over SSH. Using a password may save you some time, but it's better to disable SSH password login and use only SSH keys in order to keep your server safe from brute-force attacks.

If you've ever looked at server logs, you may have seen lots of failed authentication attempts. All these authentication attempts are actually brute-force attempts, meaning there are bad guys out there trying to brute-force your SSH password. The only way to stop this from happening is to use SSH keys to authenticate on your server.

If you continue to use passwords because you can't use SSH keys, then make sure to generate a safe password.

In this tutorial, you will learn how to disable password authentication on your SSH server.

Disable password auth on SSH

To disable password authentication on your SSH server, you need to set PasswordAuthentication to no in the server config file sshd_config. (The similarly named ssh_config is the SSH client's configuration and does not control what the server accepts.)

1) First you need to open this file with a text editor

sudo nano /etc/ssh/sshd_config

We are using the nano text editor to make changes to the sshd_config file. However, you can use other text editors if you like.

2) Now, you need to copy the config below into the config file

PasswordAuthentication no

Once done, save changes by pressing CTRL + X

The config above will disable password authentication, so any attempt to log in to your server with a password will be refused.

3) Finally, you need to restart the ssh server by running the command below

sudo systemctl restart ssh

4) Once you have restarted the SSH service, you can proceed to test if the password authentication has been disabled on your server.

To do this, simply try to ssh into your server

ssh root@<server-ip>
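A check worth running alongside the steps above, written as an added example that is not part of the original tutorial: sshd uses the first value it reads for each keyword, so a drop-in file pulled in by an Include line near the top of sshd_config can override a later "PasswordAuthentication no". This goes slightly beyond the steps above by following Include lines; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names are hypothetical.
# sshd keeps the FIRST value it reads for a keyword, so a file pulled in by an
# Include line can win over a "PasswordAuthentication no" written further down.

# Print "keyword value" for every global setting, in the order sshd reads them.
# Simplification: everything after the first Match line in a file is skipped.
global_settings() {
    sed -e 's/#.*//' -e 's/=/ /' "$1" | while read -r key val; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in
            '') ;;
            match) break ;;
            include)
                for pat in $val; do
                    # Relative Include paths are resolved against /etc/ssh.
                    case $pat in /*) ;; *) pat=/etc/ssh/$pat ;; esac
                    for f in $pat; do
                        if [ -f "$f" ]; then global_settings "$f"; fi
                    done
                done ;;
            *) printf '%s %s\n' "$key" "$val" ;;
        esac
    done
}

# Effective PasswordAuthentication for config file $1 (sshd's default is "yes").
effective_password_auth() {
    v=$(global_settings "$1" |
        awk '$1 == "passwordauthentication" { print tolower($2); exit }')
    printf '%s\n' "${v:-yes}"
}

# Constructed sample: a drop-in re-enables passwords before the main file's "no".
demo() {
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-sample.conf"
    printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\n' "$d" \
        > "$d/sshd_config"
    effective_password_auth "$d/sshd_config"
    rm -rf "$d"
}

demo   # prints: yes
```

On the server itself, `sudo sshd -t` checks the config for syntax errors before the restart, and `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually resolved. Keep your current session open until a key-based login in a second terminal has succeeded.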

Conclusion

In this tutorial, you learned how to disable password authentication on an SSH server, and why disabling password authentication is necessary in order to keep your SSH server safe from brute-force attacks.