Turn off SSH passwords in Ubuntu, connect via SSH keys only

Once you can connect to your remote instance with SSH keys, it is better practice to disable SSH password authentication to stop further brute-force password attempts. Coupled with a service like Fail2ban, this will further strengthen your virtual instance.

Remote into your VPS via SSH and open the SSH config file:

nano /etc/ssh/sshd_config

Find PasswordAuthentication and set it to no:

PasswordAuthentication no

Find PubkeyAuthentication, uncomment it and set it to yes:

PubkeyAuthentication yes

Restart the SSH service:

systemctl restart sshd.service

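That’s it. From now on, all password attempts for SSH will be blocked immediately. Keep your current session open and confirm from a second terminal that key login still works before you log out.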

Changing SSH Port

You can also change the port number for SSH to further restrict brute-force attempts.

Add a new port number to your firewall, say 2000, to allow incoming connections on that port, then edit the SSH config file again:

nano /etc/ssh/sshd_config

Look for Port 22 and change it to the port you want, say 2000, then save and restart:

systemctl restart sshd.service

See what ports are open:

ufw status

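Check that you can SSH in on the new port, then remove the firewall rule for port 22. That’s it, now you have security through obscurity: the move cuts down automated scans of port 22, while key-only login remains the real protection.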
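An added example, not part of the original post: a small shell check that the settings sshd actually uses match the edits above. A value set earlier in the config, for example in an included drop-in file, takes precedence over a later line, so the file you edited is not always what sshd ends up using. The function name audit_sshd and the sample inputs are made up for this example; port 2000 is the one used on this page.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings after the edits above.
# On the server, as root, feed it the live configuration:
#     sshd -t && sshd -T | audit_sshd 2000
# "sshd -t" syntax-checks the file; "sshd -T" prints the settings sshd will
# actually use, including anything set by Include'd drop-in files.

# audit_sshd WANT_PORT
# Reads "keyword value" lines (sshd -T format) on stdin, prints one line per
# problem, and returns 0 only when nothing is wrong.
audit_sshd() {
    awk -v want_port="$1" '
        { key = tolower($1); val[key] = tolower($2) }
        key == "port" { ports[$2] = 1 }   # Port may be listed more than once
        END {
            bad = 0
            if (val["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no"; bad = 1
            }
            if (val["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; bad = 1
            }
            # Keyboard-interactive can still prompt for a password via PAM.
            # Older OpenSSH reports it as challengeresponseauthentication.
            if (val["kbdinteractiveauthentication"] == "yes" ||
                val["challengeresponseauthentication"] == "yes") {
                print "FAIL keyboard-interactive authentication is enabled"; bad = 1
            }
            if (!(want_port in ports)) {
                print "FAIL sshd is not listening on port " want_port; bad = 1
            }
            exit bad
        }'
}

# Constructed sample: a drop-in file still sets "PasswordAuthentication yes".
sample_overridden='port 2000
passwordauthentication yes
pubkeyauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the state this page aims for.
sample_hardened='port 2000
passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$sample_overridden" | audit_sshd 2000 || echo "overridden: fix before logging out"
printf '%s\n' "$sample_hardened" | audit_sshd 2000 && echo "hardened: ok"
```

If the check fails on a real server, look for the same keyword in files under /etc/ssh/sshd_config.d/ and correct it there.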
