{"id":11226,"date":"2025-04-15T06:12:15","date_gmt":"2025-04-15T06:12:15","guid":{"rendered":"https:\/\/mainvps.net\/blog\/?p=11226"},"modified":"2025-05-19T11:13:53","modified_gmt":"2025-05-19T11:13:53","slug":"enable-or-disable-password-authentication-in-ssh","status":"publish","type":"post","link":"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/","title":{"rendered":"How to Enable or Disable Password Authentication in SSH (Step-by-Step Guide)"},"content":{"rendered":"\n<p>Managing SSH access is among the most crucial tasks for anyone working on Linux servers.&nbsp;When you&#8217;re establishing a new&nbsp;<a href=\"https:\/\/mainvps.net\/vps\">VPS<\/a>&nbsp;or running a laboratory at home, or overseeing employees on a team the knowledge of&nbsp;<strong>how to disable or enable password authentication on SSH<\/strong>&nbsp;can help or break the security of your server.<\/p>\n\n\n\n<p>This guide will take you through both <strong>how to enable password authentication on SSH<\/strong>&nbsp;and <strong>how to disable password authentication on SSH<\/strong>&nbsp;using an easy, user-friendly and security-focused approach.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#What_is_SSH_and_Password_Authentication\" >What is SSH and Password Authentication?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#How_to_Enable_Password_Authentication_in_SSH\" >How to Enable Password Authentication in SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_1_Log_In_and_Open_the_SSH_Configuration_File\" >Step 1: Log In and Open the SSH Configuration File<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_2_Modify_SSH_Settings\" >Step 2: Modify SSH Settings<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_3_Restart_the_SSH_Service\" >Step 3: Restart the SSH Service<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_4_Test_Your_Changes\" >Step 4: Test Your Changes<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#When_Should_You_Enable_Password_Authentication\" >When Should You Enable Password Authentication?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#How_to_Disable_Password_Authentication_in_SSH\" >How to Disable Password Authentication in SSH<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_1_Ensure_SSH_Key_Authentication_Works_First\" >Step 1: Ensure SSH Key Authentication Works First<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_2_Open_the_SSH_Configuration_File_Again\" >Step 2: Open the SSH Configuration File Again<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Step_3_Restart_SSH_and_Test_It\" >Step 3: Restart SSH and Test It<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Why_Disable_Password_Authentication\" >Why Disable Password Authentication?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Tips_to_Avoid_Locking_Yourself_Out\" >Tips to Avoid Locking Yourself Out<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#Final_Thoughts\" >Final Thoughts<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#FAQs\" >FAQs<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#1_Can_I_use_both_password_and_key_authentication_together\" >1. Can I use both password and key authentication together?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#2_What_happens_if_I_disable_password_login_and_lose_my_SSH_key\" >2. What happens if I disable password login and lose my SSH key?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#3_Is_SSH_over_password_authentication_safe_for_production\" >3. Is SSH over password authentication safe for production?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#4_How_can_I_check_if_SSH_password_login_is_currently_enabled\" >4. How can I check if SSH password login is currently enabled?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/#5_Whats_the_best_way_to_secure_SSH\" >5. What\u2019s the best way to secure SSH?<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_SSH_and_Password_Authentication\"><\/span><strong>What is SSH and Password Authentication?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/mainvps.net\/blog\/ssh-vs-rdp\/\">SSH<\/a> (Secure Shell) is your encrypted tunnel to remotely access servers. Think of it like a secure secret pathway from your computer to a remote machine. Password authentication is one method to verify identity \u2014 you enter a username and password combo to log in. It&#8217;s simple, widely used, and familiar \u2014 but not the most secure option.<\/p>\n\n\n\n<p>There\u2019s also <strong>SSH key authentication<\/strong>, which is more secure and faster. But sometimes, password authentication is more practical \u2014 especially for new users, temporary access, or internal systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Enable_Password_Authentication_in_SSH\"><\/span><strong>How to Enable Password Authentication in SSH<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Maybe you&#8217;re troubleshooting, onboarding a user who doesn&#8217;t have SSH keys, or you&#8217;re on a test machine \u2014 whatever the reason, <strong>enabling password login<\/strong> is straightforward.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_1_Log_In_and_Open_the_SSH_Configuration_File\"><\/span><strong>Step 1: Log In and Open the SSH Configuration File<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log into your server using SSH (with a key or password if still enabled).<\/li>\n\n\n\n<li style=\"font-size:18px\">Open the SSH configuration file in a text editor: <br>bash<br><code>sudo nano \/etc\/ssh\/sshd_config<\/code><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_2_Modify_SSH_Settings\"><\/span><strong>Step 2: Modify SSH Settings<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Look for the line:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">nginx<br>PasswordAuthentication no<br><\/pre>\n\n\n\n<p>Change it to:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">nginx<br>PasswordAuthentication yes<br><\/pre>\n\n\n\n<p>Also, ensure the following line is either uncommented or set to <code>yes<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">nginx<br>ChallengeResponseAuthentication yes<br><\/pre>\n\n\n\n<p>And confirm this line is present:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">nginx<br>UsePAM yes<\/pre>\n\n\n\n<p>These settings allow Linux to authenticate users via password and <a href=\"https:\/\/www.beyondtrust.com\/resources\/glossary\/privileged-access-management-pam\" target=\"_blank\" rel=\"noopener\">PAM<\/a> (Pluggable Authentication Modules), which is essential for local user verification.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_3_Restart_the_SSH_Service\"><\/span><strong>Step 3: Restart the SSH Service<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Save the file (Ctrl + O, then Enter, then Ctrl + X) and restart SSH:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>sudo systemctl restart ssh<\/pre>\n\n\n\n<p>SSH will now accept password logins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_4_Test_Your_Changes\"><\/span><strong>Step 4: Test Your Changes<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Before you close your current session, open <strong>another terminal<\/strong> and try logging in:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>ssh youruser@your-server-ip<\/pre>\n\n\n\n<p>If prompted for a password, congrats! It\u2019s working.<\/p>\n\n\n\n<p><strong>Important:<\/strong> Never log out of your active SSH session until you&#8217;ve confirmed that the password login works properly \u2014 otherwise, you risk locking yourself out.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"When_Should_You_Enable_Password_Authentication\"><\/span><strong>When Should You Enable Password Authentication?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You&#8217;re setting up a new user who hasn&#8217;t created SSH keys<\/li>\n\n\n\n<li>You&#8217;re working in a closed network with low security risk<\/li>\n\n\n\n<li>You&#8217;re troubleshooting or doing temporary testing<\/li>\n\n\n\n<li>You&#8217;re using automation or legacy tools that require passwords<\/li>\n<\/ul>\n\n\n\n<p>Just remember: <strong>enable it responsibly<\/strong>, and always use <strong>strong passwords<\/strong> with at least 12\u201316 characters, including symbols and numbers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_to_Disable_Password_Authentication_in_SSH\"><\/span><strong>How to Disable Password Authentication in SSH<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Now let\u2019s talk security. If you want to take your server\u2019s protection to the next level, <strong>disabling password authentication<\/strong> is the way to go. It blocks brute-force login attempts, makes SSH harder to exploit, and forces the use of SSH keys \u2014 which are far more secure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_1_Ensure_SSH_Key_Authentication_Works_First\"><\/span><strong>Step 1: Ensure SSH Key Authentication Works First<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Before you even think about disabling passwords:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make sure your SSH public key is copied to the server.<\/li>\n\n\n\n<li>You should be able to log in using <code>ssh youruser@your-server-ip<\/code> without entering a password.<\/li>\n<\/ul>\n\n\n\n<p>If you haven\u2019t done this yet, use:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>ssh-copy-id youruser@your-server-ip<\/pre>\n\n\n\n<p>This will place your public key in the correct location (<code>~\/.ssh\/authorized_keys<\/code>) on the server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_2_Open_the_SSH_Configuration_File_Again\"><\/span><strong>Step 2: Open the SSH Configuration File Again<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Use the terminal to edit the SSH config:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>sudo nano \/etc\/ssh\/sshd_config<\/pre>\n\n\n\n<p>Find these lines and update them:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">nginx<br>PasswordAuthentication no<br>ChallengeResponseAuthentication no<br>UsePAM yes<\/pre>\n\n\n\n<p>Make sure SSH key authentication is enabled:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">nginx<br>PubkeyAuthentication yes<\/pre>\n\n\n\n<p>This setup will ensure that only users with a valid SSH key can log in.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Step_3_Restart_SSH_and_Test_It\"><\/span><strong>Step 3: Restart SSH and Test It<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Restart the SSH service:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>sudo systemctl restart ssh<\/pre>\n\n\n\n<p>Now \u2014 and this is crucial \u2014 test your login <strong>in a new terminal<\/strong> to confirm it works with your SSH key:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>ssh youruser@your-server-ip<\/pre>\n\n\n\n<p>If it connects without asking for a password, you&#8217;re golden.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Disable_Password_Authentication\"><\/span><strong>Why Disable Password Authentication?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security:<\/strong> Prevent brute-force and dictionary attacks.<\/li>\n\n\n\n<li><strong>Control:<\/strong> Only authorized devices with SSH keys can access the server.<\/li>\n\n\n\n<li><strong>Speed:<\/strong> Login is faster with keys and more reliable for automation.<\/li>\n<\/ul>\n\n\n\n<p>This is especially important if your server is exposed to the internet \u2014 like on AWS, DigitalOcean, Linode, etc.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Tips_to_Avoid_Locking_Yourself_Out\"><\/span><strong>Tips to Avoid Locking Yourself Out<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always test changes in a second SSH session before closing the first<\/li>\n\n\n\n<li>Keep a backup of your SSH config file: bashCopyEdit<code>sudo cp \/etc\/ssh\/sshd_config \/etc\/ssh\/sshd_config.bak<\/code><\/li>\n\n\n\n<li>Use a cloud provider\u2019s recovery console if needed<\/li>\n\n\n\n<li>Ensure all necessary users have their public keys added beforehand<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Thoughts\"><\/span><strong>Final Thoughts<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Enabling or disabling SSH password authentication boils down to this: <strong>convenience vs. security.<\/strong><\/p>\n\n\n\n<p>If you&#8217;re in a secure environment or onboarding new users, passwords might make sense. But for any serious deployment, especially on public servers, SSH key-based login is the clear winner.<\/p>\n\n\n\n<p>Learn to switch between the two based on what your setup demands. And always prioritize <strong>backups, strong user management, and security hygiene<\/strong> when managing SSH access.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"FAQs\"><\/span><strong>FAQs<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"1_Can_I_use_both_password_and_key_authentication_together\"><\/span><strong>1. Can I use both password and key authentication together?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Yes! You can have both enabled in <code>sshd_config<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>PasswordAuthentication yes<br>PubkeyAuthentication yes<\/pre>\n\n\n\n<p>But for better security, choose one \u2014 preferably SSH keys.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"2_What_happens_if_I_disable_password_login_and_lose_my_SSH_key\"><\/span><strong>2. What happens if I disable password login and lose my SSH key?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>You\u2019ll be locked out unless:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You have physical access to the machine<\/li>\n\n\n\n<li>You use a cloud provider with recovery console<\/li>\n\n\n\n<li>You\u2019ve added another user with working <a href=\"https:\/\/mainvps.net\/blog\/ssh-explained-secure-remote-access\/\">SSH<\/a> access<\/li>\n<\/ul>\n\n\n\n<p>Always keep backup keys in secure places.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3_Is_SSH_over_password_authentication_safe_for_production\"><\/span><strong>3. Is SSH over password authentication safe for production?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Not really. It\u2019s not recommended. Passwords can be guessed or stolen. SSH keys are far more secure for production use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"4_How_can_I_check_if_SSH_password_login_is_currently_enabled\"><\/span><strong>4. How can I check if SSH password login is currently enabled?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Run:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\" style=\"font-size:18px\">bash<br>sudo grep -Ei 'passwordauthentication|challenge' \/etc\/ssh\/sshd_config<\/pre>\n\n\n\n<p>If <code>PasswordAuthentication<\/code> or <code>ChallengeResponseAuthentication<\/code> is set to <code>yes<\/code>, then it\u2019s enabled.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"5_Whats_the_best_way_to_secure_SSH\"><\/span><strong>5. What\u2019s the best way to secure SSH?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable password logins<\/li>\n\n\n\n<li>Use SSH keys with passphrases<\/li>\n\n\n\n<li>Disable root login (<code>PermitRootLogin no<\/code>)<\/li>\n\n\n\n<li>Change default port (from 22 to something else)<\/li>\n\n\n\n<li>Use firewall rules and Fail2Ban for extra protection<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Managing SSH access is among the most crucial tasks for anyone working on Linux servers.&nbsp;When you&#8217;re establishing a new&nbsp;VPS&nbsp;or running a laboratory at home, or overseeing <a class=\"read-more-link\" href=\"https:\/\/mainvps.net\/blog\/enable-or-disable-password-authentication-in-ssh\/\">Read More<\/a><\/p>\n","protected":false},"author":4,"featured_media":11485,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[195],"class_list":["post-11226","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-hosting","tag-ssh"],"_links":{"self":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts\/11226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/comments?post=11226"}],"version-history":[{"count":2,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts\/11226\/revisions"}],"predecessor-version":[{"id":11468,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/posts\/11226\/revisions\/11468"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/media\/11485"}],"wp:attachment":[{"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/media?parent=11226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/categories?post=11226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mainvps.net\/blog\/wp-json\/wp\/v2\/tags?post=11226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}