How to Disable SSH Password Authentication

As long as you use strong passwords, it is not necessary to disable SSH password authentication for your server; however, you can disable it if you would like.

Before you proceed, keep these things in mind:

  • Disabling password authentication makes it more likely that you will be locked out of your server.
  • You can become locked out if you lose your private key or break your ~/.ssh/authorized_keys file.
  • If you are locked out, you will no longer be able to access the files of any apps.

You should only disable SSH password authentication if you are extremely familiar with public key authentication and understand the potential consequences of locking yourself out of your server.

To disable SSH password authentication, SSH in to your server as root to edit this file:

/etc/ssh/sshd_config

Then, change the line

PasswordAuthentication yes

to

PasswordAuthentication no

After making that change, restart the SSH service by running the following command as root:

sudo service ssh restart
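
A scripted version of the edit above, added here as an example and not part of the original article; the helper name `disable_password_auth` and the sample config are assumptions. It keeps a backup, also rewrites the directive inside `Match` blocks, and lists the checks to run before restarting the service.

```shell
#!/bin/sh
# Added example. Helper name and sample data are assumptions, not from the article.
# Sets PasswordAuthentication to "no" in FILE, keeping a backup at FILE.bak.
disable_password_auth() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    awk '
    {   # Split off indentation and the keyword (keywords are case-insensitive).
        line = $0; sub(/^[ \t]+/, "", line)
        indent = substr($0, 1, length($0) - length(line))
        split(line, f, /[ \t=]+/); key = tolower(f[1])
    }
    # Active directive: force it to "no", wherever it appears.
    key == "passwordauthentication" {
        print indent "PasswordAuthentication no"
        if (!in_match) global = 1
        next
    }
    # Global section ends at the first Match block; add the directive before it.
    key == "match" {
        if (!global) { print "PasswordAuthentication no"; global = 1 }
        in_match = 1
    }
    { print }
    END { if (!global) print "PasswordAuthentication no" }
    ' "$cfg.bak" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin yes' \
    'Match User deploy' '    PasswordAuthentication yes' > "$sample"
disable_password_auth "$sample" && cat "$sample"
rm -f "$sample" "$sample.bak"

# On the server, as root, with your current SSH session left open:
#   disable_password_auth /etc/ssh/sshd_config
#   sshd -t                                        # syntax check before restarting
#   sshd -T | grep -i '^passwordauthentication'    # effective value, includes applied
```

sshd uses the first value it obtains for each keyword, so a `PasswordAuthentication yes` in a file pulled in by an `Include` line earlier in the config still wins; the `sshd -T` check shows the value that is actually in effect.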