Saturday, March 21, 2009

Disabling ssh password access

I am going away for a few days and have decided that I want to be able to access my main machine from my laptop. I normally use ssh for logging in from one machine to another and normally use private keys for all my ssh connections but do have password access available as well. However, this time, as I plan to leave TCP port 22 (the ssh port) open through my home router to my iMac and I want it to be as secure as possible. This means that I do not want password access at all, only private keys.

So, I have edited the /etc/sshd_config (or /etc/ssh/sshd_config) file to include the lines:

PasswordAuthentication no
UsePAM no

These lines turn password access off and force ssh to require the use of a private key. If you don't have a key that allows login then login is immediately rejected. I feel pretty secure as far as ssh is concerned now.

I just have to remember to copy the public key from my laptop to my iMac before I leave!

No comments: