How to Force ssh login via Public Key Authentication

Discussion in 'Linux Security' started by Technofhilia, Jul 12, 2013.

  1. Technofhilia

    Technofhilia New Member

    Messages:
    7
    Likes Received:
    7
    Trophy Points:
    3
    A main advantage of key authentication is that you can be protected against brute-force password guessing attacks. However, requiring a private key for ssh access means that you have to store the key somewhere on client system, which can be another avenue of attack.

    Here is how to disable ssh password authentication so that you can force ssh login via public key only.
    Open sshd configuration file, and add the following line (or uncomment it if it’s commented out).

    Code:
    sudo nano /etc/ssh/sshd_config
    Make sure that you have the following in /etc/ssh/sshd_config, in order to allow private/public key authentication.

    Finally, reload ssh server configuration to make the change effective.
    Code:
    sudo /etc/init.d/ssh reload
    The above setting will disable ssh login via password, system-wide. If what you want is to disable ssh password login for individual users, you can do the following.

    If you want to disable ssh password authentication for specific users only, use “Match User” field as follows.


    If you want to disable ssh password login for specific Linux group(s), use “Match Group” field. For example, to disable ssh password login for all users belonging to “sudoers” group:

    If you want to force ssh key authentication for non-root normal users, use “Match User” field.

    Attached Files:

    DevynCJohnson, ryanvade and Rob like this.
  2. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    Messages:
    1,260
    Likes Received:
    429
    Trophy Points:
    83

Share This Page