Are you a spammer

Please note, that the first 3 posts you make, will need to be approved by a forum Administrator or Moderator before they are publicly viewable.
Each application to join this forum is checked at the Stop Forum Spam website. If the email or IP address appears there when checked, you will not be allowed to join this forum.
If you get past this check and post spam on this forum, your posts will be immediately deleted and your account inactivated.You will then be banned and your IP will be submitted to your ISP, notifying them of your spamming. So your spam links will only be seen for an hour or two at most. In other words, don't waste your time and ours.

This forum is for the use and enjoyment of the members and visitors looking to learn about and share information regarding the topics listed. It is not a free-for-all advertising venue. Your time would be better spent pursuing legitimate avenues of promoting your websites.

How to Force ssh login via Public Key Authentication

Build it and learn to secure your system/server.


How to Force ssh login via Public Key Authentication

Postby tanmay.01 » Wed Jul 03, 2013 7:40 am

A main advantage of key authentication is that you can be protected against brute-force password guessing attacks. However, requiring a private key for ssh access means that you have to store the key somewhere on client system, which can be another avenue of attack.

Here is how to disable ssh password authentication so that you can force ssh login via public key only.
Open sshd configuration file, and add the following line (or uncomment it if it’s commented out).

Code: Select all
sudo nano /etc/ssh/sshd_config


PasswordAuthentication no


Make sure that you have the following in /etc/ssh/sshd_config, in order to allow private/public key authentication.

RSAAuthentication yes
PubkeyAuthentication yes


Finally, reload ssh server configuration to make the change effective.
Code: Select all
sudo /etc/init.d/ssh reload


The above setting will disable ssh login via password, system-wide. If what you want is to disable ssh password login for individual users, you can do the following.

If you want to disable ssh password authentication for specific users only, use “Match User” field as follows.

Match User theemahn,ironmahn
PasswordAuthentication no


If you want to disable ssh password login for specific Linux group(s), use “Match Group” field. For example, to disable ssh password login for all users belonging to “sudoers” group:

Match Group sudoers
PasswordAuthentication no


If you want to force ssh key authentication for non-root normal users, use “Match User” field.

Match User !root
PasswordAuthentication no
HP ENVY 15
•3rd generation Intel(R) Core(TheeMahn) i5-3210M Processor (2.5 GHz with Turbo Boost up to 3.1 GHz)
• 1GB Radeon(TheeMahn) HD 7750M GDDR5 Graphics [HDMI]
• 6GB 1600DDR3 System Memory (2 Dimm)
• 750GB 7200 rpm Hard Drive
• Intel 2x2 802.11a/b/g/n WLAN + Bluetooth(R)
• Full-size Radiance backlit keyboard.

Image
User avatar
tanmay.01
Moderator
 
Posts: 253
Joined: Wed Dec 07, 2011 1:03 pm
Location: India
Age: 33
Operating System: Other Linux

Return to Server and Security

Who is online

Users browsing this forum: No registered users and 3 guests