How to deny root SSH login + require SSH key for user?


If you want to disallow password logins then just set PasswordAuthentication no in the sshd_config on the server.

I don't recall exactly, but I think at least no root login is the default.

Attempting to log in as any user on the system who does not have your public key in their ~/.ssh/authorized_keys will ask for the password, whether or not a password is set or a shell is available, if password login has not been disabled.

I think what you want is simply:

PasswordAuthentication no
PermitRootLogin no

This will disallow any root login, either with SSH key or password, and will require users to log in with a valid key, as included by having the public key in that user's ~/.ssh/authorized_keys file.
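As an added check that is not part of the original answer: a small POSIX sh script that reads an sshd_config file and reports whether the two directives above are actually in effect. It assumes OpenSSH's parsing rules (keywords are case-insensitive, and for each keyword the first value found wins, so a duplicate added at the bottom of the file does nothing) and uses constructed sample files, not real server configs; everything after a Match line is deliberately ignored and must be reviewed by hand.

```sh
#!/bin/sh
# Added example, not from the original answer: verify that an sshd_config
# file really enforces "PermitRootLogin no" and "PasswordAuthentication no".
# Assumes OpenSSH parsing rules: keywords are case-insensitive, "#" starts a
# comment, keyword and value are whitespace-separated, and for each keyword
# the FIRST value found wins (a later duplicate is silently ignored).

# Print the effective lowercase value of a keyword, skipping comments and
# anything from the first Match block onward (conditional overrides are
# out of scope here and should be reviewed manually).
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/             { next }
        tolower($1) == "match" { inmatch = 1; next }
        inmatch                { next }
        tolower($1) == key     { print tolower($2); exit }
    ' "$1"
}

# Succeed (exit 0) only if both directives from the answer are explicitly "no".
# An absent keyword fails too: the defaults are prohibit-password and yes.
check_sshd_config() {
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample configs (not real server files) for demonstration.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/bad_sshd_config" <<'EOF'
# "no" was appended at the end, but the earlier "yes" is what sshd uses.
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
EOF
cat > "$SAMPLES/good_sshd_config" <<'EOF'
PasswordAuthentication no
PermitRootLogin no
EOF

for f in bad_sshd_config good_sshd_config; do
    if check_sshd_config "$SAMPLES/$f"; then
        echo "$f: root login and password auth are both denied"
    else
        echo "$f: NOT hardened (effective PermitRootLogin=$(sshd_effective "$SAMPLES/$f" PermitRootLogin))"
    fi
done
```

On a real host, `sshd -T` prints the effective configuration as sshd itself parses it, and running it before restarting the daemon is the safest way to confirm the change without risking a lockout.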

Author: Sanam Patel

Updated on September 18, 2022

Comments

  • Sanam Patel, over 1 year

    After reading this similar question I'm unclear how to require SSH keys for user, while denying SSH access to root (key or password). I'll use sudo after logging in as a user if I need to be root.

    I know how to require SSH keys:

    PermitRootLogin without-password
    

    I know how to disable user 'root' from logging in:

    PermitRootLogin no
    

    I know how to whitelist a user:

    AllowUsers user
    

    I don't know how to put this all together (or if it's even necessary? - SSH key may be good enough). I would normally solve an answer like this through trial and error, but I'm afraid I'll lock myself out of this server...

  • Sanam Patel, over 10 years
    I think what's confusing me is that if I do this, then try to SSH in as root, I am asked for a password. I'm not expecting to see this since no root password was set and root can't log in? Is it normal for the server to ask for root's password even when root login is not possible?
  • Sanam Patel, over 10 years
    Thanks, I understand this now after the edit. Looks like PasswordAuthentication no breaks scp from another server to this machine, so I may skip that line. I could probably copy my private key to the originating server so it would work again with the target server but I'd rather not.
  • dobey, over 10 years
    Use ssh -A to forward the agent, only when you need to access other resources from the remote machine, with your private key.