Disable interactive SSH at user-level


Solution 1

If you have absolutely no control over the server, I don't see a way of doing this, as you don't control server settings, which is where this would have to be.

What you'd need to do is add this to the /etc/ssh/sshd_config file:

PasswordAuthentication no

Now, this would effectively disable password authentication for all users, which may be undesirable. What you could do then, is put this configuration directive in a Match block, so it only applies to your user, in the same config file:

Match user yourusername
PasswordAuthentication no

If you could get the server's admin to do this for you, it might be the way to go.

One other way is to set a really long, random and complicated password for your user, that way you're reasonably protected from random brute-force break-in attempts. Most attackers would likely be using some dictionary-based technique so as long as your password is long and random enough, it should be quite safe.

See "man sshd_config" for more details. Also, the solution I propose was suggested here.

Solution 2

You just need to edit this line from file /etc/ssh/sshd_config from yes to no:

#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
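
An added example (not part of the original answers): a simplified Python model of how sshd resolves the two settings discussed in Solutions 1 and 2 for a single user, so you can see which logins a given config still allows. The helper names and the sample config are constructed for illustration; it assumes upstream OpenSSH defaults, evaluates only `Match User` and `Match all`, and treats `ChallengeResponseAuthentication` as the deprecated alias of `KbdInteractiveAuthentication`.

```python
import fnmatch

# Upstream OpenSSH defaults (assumption: the server's build keeps them).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
# Deprecated name that newer OpenSSH maps onto KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample combining both solutions; not taken from a real server.
SAMPLE = """\
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match User yourusername
    PasswordAuthentication no
"""

def user_matches(patterns, user):
    """Comma-separated list with * and ? wildcards; a matching !pattern vetoes."""
    hit = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            hit = True
    return hit

def effective_auth(config_text, user):
    """Effective values of the two settings for `user` (simplified model)."""
    global_vals, match_vals = {}, {}
    target = global_vals   # dict receiving keywords; None inside a skipped block
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            is_all = [a.lower() for a in args] == ["all"]
            is_user = len(args) == 2 and args[0].lower() == "user"
            # Blocks with other criteria (Address, Group, ...) are not evaluated.
            applies = is_all or (is_user and user_matches(args[1], user))
            target = match_vals if applies else None
            continue
        key = ALIASES.get(key, key)
        if target is not None and key in DEFAULTS and args:
            target.setdefault(key, args[0].lower())  # first value obtained wins
    # Values from matching Match blocks override the global section.
    return {**DEFAULTS, **global_vals, **match_vals}

if __name__ == "__main__":
    for name in ("yourusername", "someoneelse"):
        print(name, effective_auth(SAMPLE, name))
```

With only the `Match` block from Solution 1 in the file, the model reports `kbdinteractiveauthentication` still at `yes` for that user; on a real server the admin can get the authoritative answer from `sshd -T -C user=yourusername`.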

Rainmaker
Author by

Rainmaker

Updated on September 18, 2022

Comments

  • Rainmaker
    Rainmaker over 1 year

    I connect to a server I don't control via SSH.

    I use public key access and don't need to be able to connect with a keyboard-interactive password.

    I would like to disable keyboard-interactive access to my user so that there is no way for others to hack in this way.

    Since I don't control the server, is there a way to set up my user's config file to prevent keyboard-interactive access?

  • Rainmaker
    Rainmaker over 12 years
    This is helpful, but I do not believe that this would "have" to be done in the server settings, as you say. It is clear that when I use public-key authentication, the SSH daemon is checking the public key against a file in my user directory. There is no reason to believe that the server could not, in principle, check a user config file for appropriate actions to take regarding keyboard-interactive logins. Whether or not SSHD implements this, I do not know.
  • Rainmaker
    Rainmaker over 12 years
    Indeed, the "KbdInteractiveAuthentication" and possibly the "ChallengeResponseAuthentication" settings in the "~/.ssh/config" file seem relevant, though I have not yet succeeded in getting them to work.
  • h3.
    h3. over 12 years
    @Richard ~/.ssh/config is only read by the client, not by the server. Sure, the server could, in principle, check a file in your home directory to check whether you want to allow password authentication. But it doesn't. In fact, sshd allows password logins even if your home directory doesn't exist; this can be a lifesaver in some circumstances, such as a hosed /home filesystem. The simple way to prevent others from logging in with your password is not to use a weak or reused password.
  • noleti
    noleti almost 10 years
    +1 for strong random password. I assume your current setup is such that you don't need to ever enter the account password? I usually use pwgen 20 or similar to generate a strong random string. Be sure to write down the password somewhere for backup.
  • Rainmaker
    Rainmaker about 8 years
    That is not a user level setting.