Some system administrators may want to disable SSH password authentication on their systems and allow only SSH key-based logins. This is typically done to make their system more secure and disallow users from easily accessing it using passwords alone. In this article, we will learn how to disable SSH password authentication for some users in Linux. You can use these steps for all Linux distributions.
How to Disable SSH Password Authentication for Some Users
There are different ways to disable SSH password authentication for some users. We will look at them one by one.
1. Open SSH Config File
Open terminal and run the following command to open SSH config file.
$ sudo vi /etc/ssh/sshd_config
2. Disable SSH Authentication
If you want to disable SSH authentication for all users, look for PasswordAuthentication directive in the file, and set it to No.
PasswordAuthentication no
If you want to disable password authentication for specific users such as user1, user2, then use the Match User directive to apply the above PasswordAuthentication rule to only those users.
Match User user1,user2 PasswordAuthentication no
If you want to disable password authentication for all users in a specific user group such as data_users use the Match Group condition to match only those users, as shown below.
Match Group data_user PasswordAuthentication no
If you want to disable password authentication for all users except root user, you can also use negation operator to specify it.
Match User !root PasswordAuthentication no
Save and close the file.
3. Restart SSH service
Run the following command to restart SSH service.
$ /etc/init.d/ssh reload OR $ sudo systemctl reload ssh OR $ /etc/init.d/sshd reload
4. Verify Changes
Next run the following command to connect to SSH server. Replace username and server-ip with the username and server IP address of your SSH login.
$ ssh username@server-ip -o PubkeyAuthentication=no
In this article, we have learnt how to remove SSH password authentication in Linux. If you want to enable password authentication, just change the value of PasswordAuthentication directive above to Yes.
Also read:
How to Kill Process Running Longer than Specific Time
How to Split Tar into Multiple Files
How to Configure Samba Server in RHEL, CentOS
How to Rename Files to Lowercase or Uppercase in Linux
How to Find Index of Item in Python List
Related posts:
Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.