You just strengthened the security of your Linode by adding a new user and generating SSH keys. Now it's time to make some changes to the default SSH configuration. First, you'll disable password authentication to require all users connecting via SSH to use key authentication. Next, you'll disable root login to prevent the root user from logging in via SSH. These steps are optional, but are strongly recommended.
Note
You may want to leave password authentication enabled if you connect to your Linode from many different desktop computers. That will allow you to authenticate with a password instead of copying the private key to every computer.
Here's how to disable SSH password authentication and root login:
- Open the SSH configuration file for editing by entering the following command:
sudo nano /etc/ssh/sshd_config
Note
If you see a message similar to -bash: sudo: command not found, you'll need to install sudo on your Linode. To do so, log in as root by entering the sucommand, and type the root password when prompted. Next, install sudo by entering the following command: apt-get install sudo. After sudo has been installed, log out as the root user by entering the exit command.
- Change the PasswordAuthentication setting to no as shown below. Verify that the line is uncommented by removing the # in front of the line, if there is one.:
PasswordAuthentication no
- Change the PermitRootLogin setting to no as shown below:
PermitRootLogin no
- Save the changes to the SSH configuration file by pressing Control-X, and then Y.
- Restart the SSH service to load the new configuration. Enter the following command:
sudo service ssh restart
After the SSH service restarts, the SSH configuration changes will be applied.
No comments:
Post a Comment