In today’s installment of the SSH setup series, we’ll learn how to make server-side configuration options that can shape how the server responds and what types of connections are allowed. In previous parts , you could learn how to generate an SSH key , how to perform basic server settings . Today we’ll show you how to limit the user group of SSH connections and recommend disabling SSH connections for root.
Disable password authentication
If you already have SSH keys configured, tested, and working properly, it’s probably a good idea to turn off password authentication. This will prevent any user from logging in with SSH using the password.
To do this, connect to the remote server and open the file
Inside this file, locate the directive PasswordAuthenticatio. If it’s converted to a comment, return it to functionality and set it to “no” to disable password login:
PasswordAuthentication no
After making this change, save and close the file. Restarts the SSH service
Now no accounts on the system will be able to login with SSH using passwords.
Changing the port on which the SSH daemon runs
Some administrators recommend that you change the default port that SSH runs on. It can help reduce the number of authentication attempts the server is exposed to from automated bots.
To change the port on which the SSH daemon listens, you will need to login to the remote server. Open the file on the remote server sshd_configwith permissions root, either by logging in as this user or using sudo:
Once inside, you can change the port that SSH runs on by finding the Port 22 specification and editing it to the port you wish to use. For example, if you want to change the port to 4444, put this number in the file:
save and close the file. You must saudi arabia phone number data restart the SSH daemon to implement the changes.
After the daemon restarts, you will need
Specify a port number when authenticating (we demonstrated this in one of the previous sections).
How to limit the set of users who how we are going to optimize our cash flow in 2024 can connect via SSH
There are several different approaches to explicitly specify the user accounts that will be able to connect bw lists via SSH, but all of them require editing the SSH daemon’s configuration file.