How to Enable or Disable Password Authentication in SSH (Step-by-Step Guide)

Managing SSH access is one of the most important tasks for anyone working on Linux servers. Whether you’re setting up a new VPS, running a home lab, or managing access for a team, knowing how to enable or disable password authentication in SSH can make or break the security of your server.

This guide will take you through both how to enable password authentication on SSH and how to disable password authentication on SSH using an easy, user-friendly and security-focused approach.

What is SSH and Password Authentication?

SSH (Secure Shell) is your encrypted tunnel to remotely access servers. Think of it like a secure secret pathway from your computer to a remote machine. Password authentication is one method to verify identity — you enter a username and password combo to log in. It’s simple, widely used, and familiar — but not the most secure option.

There’s also SSH key authentication, which is more secure and faster. But sometimes, password authentication is more practical — especially for new users, temporary access, or internal systems.

How to Enable Password Authentication in SSH

Maybe you’re troubleshooting, onboarding a user who doesn’t have SSH keys, or you’re on a test machine — whatever the reason, enabling password login is straightforward.

Step 1: Log In and Open the SSH Configuration File

  1. Log into your server using SSH (with a key or password if still enabled).
  2. Open the SSH configuration file in a text editor:
    sudo nano /etc/ssh/sshd_config

Step 2: Modify SSH Settings

Look for the line:

    PasswordAuthentication no

Change it to:

    PasswordAuthentication yes

Also make sure the following line is uncommented and set to yes:

    ChallengeResponseAuthentication yes

And confirm this line is present:

    UsePAM yes

These settings allow Linux to authenticate users via password and PAM (Pluggable Authentication Modules), which is essential for local user verification.

Step 3: Restart the SSH Service

Save the file (Ctrl + O, then Enter, then Ctrl + X) and restart SSH:

    sudo systemctl restart ssh

SSH will now accept password logins.

Step 4: Test Your Changes

Before you close your current session, open another terminal and try logging in:

    ssh youruser@your-server-ip

If prompted for a password, congrats! It’s working.

Important: Never log out of your active SSH session until you’ve confirmed that the password login works properly — otherwise, you risk locking yourself out.

When Should You Enable Password Authentication?

  • You’re setting up a new user who hasn’t created SSH keys
  • You’re working in a closed network with low security risk
  • You’re troubleshooting or doing temporary testing
  • You’re using automation or legacy tools that require passwords

Just remember: enable it responsibly, and always use strong passwords with at least 12–16 characters, including symbols and numbers.

How to Disable Password Authentication in SSH

Now let’s talk security. If you want to take your server’s protection to the next level, disabling password authentication is the way to go. It blocks brute-force login attempts, makes SSH harder to exploit, and forces the use of SSH keys — which are far more secure.

Step 1: Ensure SSH Key Authentication Works First

Before you even think about disabling passwords:

  • Make sure your SSH public key is copied to the server.
  • You should be able to log in using ssh youruser@your-server-ip without entering a password.

If you haven’t done this yet, use:

    ssh-copy-id youruser@your-server-ip

This will place your public key in the correct location (~/.ssh/authorized_keys) on the server.

Step 2: Open the SSH Configuration File Again

Use the terminal to edit the SSH config:

    sudo nano /etc/ssh/sshd_config

Find these lines and update them:

    PasswordAuthentication no
    ChallengeResponseAuthentication no
    UsePAM yes

Make sure SSH key authentication is enabled:

    PubkeyAuthentication yes

This setup will ensure that only users with a valid SSH key can log in.

Step 3: Restart SSH and Test It

Restart the SSH service:

    sudo systemctl restart ssh

Now — and this is crucial — test your login in a new terminal to confirm it works with your SSH key:

    ssh youruser@your-server-ip

If it connects without asking for a password, you’re golden.
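
The steps above can be applied so that a broken file never reaches the running daemon: back up the config, rewrite the directives, and let sshd's test mode (`sshd -t`) check the result before any restart. This is an added example, not part of the original guide; the `CONFIG` and `CHECK` variables and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide. CONFIG and CHECK are
# overridable (an assumption of this example) so the logic can be tried
# on a copy of the file before touching /etc/ssh/sshd_config.
CONFIG=${CONFIG:-/etc/ssh/sshd_config}
CHECK=${CHECK:-sshd -t -f}        # sshd test mode: parse the file, then exit

# set_directive KEY VALUE
# Replace the KEY line in the global section (active or commented out) and
# drop later duplicates; if KEY is absent, add it before the first Match
# block so it stays a global setting. Match blocks are left untouched.
set_directive() {
  tmp=$(mktemp) || return 1
  awk -v k="$1" -v v="$2" '
    { w = $0; sub(/^[ \t]*#?[ \t]*/, "", w); sub(/[ \t=].*/, "", w); w = tolower(w) }
    !in_match && w == "match" && $0 !~ /^[ \t]*#/ {
      if (!placed) print k " " v
      placed = 1; in_match = 1
    }
    !in_match && w == tolower(k) { if (!placed) print k " " v; placed = 1; next }
    { print }
    END { if (!placed) print k " " v }
  ' "$CONFIG" > "$tmp" && cat "$tmp" > "$CONFIG"   # cat keeps owner and mode
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Apply the settings from Step 2; restore the backup if anything fails.
disable_password_auth() {
  cp -p "$CONFIG" "$CONFIG.bak" || return 1
  set_directive PasswordAuthentication no &&
    set_directive ChallengeResponseAuthentication no &&
    set_directive PubkeyAuthentication yes ||
    { cp -p "$CONFIG.bak" "$CONFIG"; return 1; }
  if ! $CHECK "$CONFIG"; then
    cp -p "$CONFIG.bak" "$CONFIG"
    echo "sshd rejected the new config; restored $CONFIG.bak" >&2
    return 1
  fi
  echo "config is valid; restart SSH, then test from a second session"
}

# On the server, as root:
#   disable_password_auth && systemctl restart ssh   # unit is "sshd" on RHEL-family systems
```

The function only edits and validates the file; the restart and the second-session login test remain manual, as in Step 3.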

Why Disable Password Authentication?

  • Security: Prevent brute-force and dictionary attacks.
  • Control: Only authorized devices with SSH keys can access the server.
  • Speed: Login is faster with keys and more reliable for automation.

This is especially important if your server is exposed to the internet — like on AWS, DigitalOcean, Linode, etc.

Tips to Avoid Locking Yourself Out

  • Always test changes in a second SSH session before closing the first
  • Keep a backup of your SSH config file: sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
  • Use a cloud provider’s recovery console if needed
  • Ensure all necessary users have their public keys added beforehand

Final Thoughts

Enabling or disabling SSH password authentication boils down to this: convenience vs. security.

If you’re in a secure environment or onboarding new users, passwords might make sense. But for any serious deployment, especially on public servers, SSH key-based login is the clear winner.

Learn to switch between the two based on what your setup demands. And always prioritize backups, strong user management, and security hygiene when managing SSH access.

FAQs

1. Can I use both password and key authentication together?

Yes! You can have both enabled in sshd_config:

    PasswordAuthentication yes
    PubkeyAuthentication yes

But for better security, choose one — preferably SSH keys.

2. What happens if I disable password login and lose my SSH key?

You’ll be locked out unless:

  • You have physical access to the machine
  • You use a cloud provider with a recovery console
  • You’ve added another user with working SSH access

Always keep backup keys in secure places.

3. Is SSH password authentication safe for production?

Not really. It’s not recommended. Passwords can be guessed or stolen. SSH keys are far more secure for production use.

4. How can I check if SSH password login is currently enabled?

Run:

    sudo grep -Ei 'passwordauthentication|challenge' /etc/ssh/sshd_config

If PasswordAuthentication or ChallengeResponseAuthentication is set to yes, then it’s enabled.
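
The grep above also matches commented-out lines, and it cannot show the built-in default that applies when a keyword is unset, or that sshd keeps the first value it reads for each keyword. The added example below (not from the original guide) resolves those cases for a single file; the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide: work out which value sshd
# would actually use, instead of listing every line that mentions a keyword.

# effective_setting FILE 'alias1|alias2' DEFAULT
# Prints the first active value in the global section, lowercased, or DEFAULT
# when the keyword is unset. Aliases are lowercase and separated by "|".
effective_setting() {
  awk -v k="$2" -v d="$3" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blanks never count
    {
      w = $0; sub(/^[ \t]+/, "", w); v = w
      sub(/[ \t=].*/, "", w); w = tolower(w)    # keywords are case-insensitive
      sub(/^[^ \t=]+[ \t=]+/, "", v)            # drop keyword and separator
      sub(/[ \t]*#.*$/, "", v); sub(/[ \t]+$/, "", v)
    }
    w == "match" { exit }                       # per-user/host overrides start here
    w ~ ("^(" k ")$") { print tolower(v); found = 1; exit }   # first value wins
    END { if (!found) print d }
  ' "$1"
}

# Succeeds when a password-style login is possible, using the rule stated
# above: PasswordAuthentication or ChallengeResponseAuthentication is yes.
# KbdInteractiveAuthentication is the current name of the latter keyword.
# Defaults are upstream OpenSSH values (assumption: the local build keeps them).
password_login_enabled() {
  pw=$(effective_setting "$1" 'passwordauthentication' yes)
  kbd=$(effective_setting "$1" \
        'challengeresponseauthentication|kbdinteractiveauthentication' yes)
  [ "$pw" = yes ] || [ "$kbd" = yes ]
}

# On a live server "sudo sshd -T" prints the effective configuration,
# including files pulled in by Include; this parser reads one file only.
```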

5. What’s the best way to secure SSH?

  • Disable password logins
  • Use SSH keys with passphrases
  • Disable root login (PermitRootLogin no)
  • Change default port (from 22 to something else)
  • Use firewall rules and Fail2Ban for extra protection