All Linux HowTo's Security HowTo's

Force SSHd to allow keys only, no passwords

This article is an example of a “/etc/ssh/sshd_config” file that forces the use of SSH keys. Password logins are disabled. Root logins are disable too.

Tip for testing: You can login as root, apply these settings and then test it with a second session – this won’t kick you off from your original session. However, to be safe, consider having console access just in case.

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem	sftp	/usr/libexec/openssh/sftp-server

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *