https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
Disable Password Authentication
Because a lot of people with SSH servers use weak passwords, many online attackers will look for an SSH server, then start guessing passwords at random. An attacker can try thousands of passwords in an hour, and guess even the strongest password given enough time. The recommended solution is to use SSH keys instead of passwords. To be as hard to guess as a normal SSH key, a password would have to contain 634 random letters and numbers. If you’ll always be able to log in to your computer with an SSH key, you should disable password authentication altogether.
If you disable password authentication, it will only be possible to connect from computers you have specifically approved. This massively improves your security, but makes it impossible for you to connect to your own computer from a friend’s PC without pre-approving the PC, or from your own laptop when you accidentally delete your key.
It’s recommended to disable password authentication unless you have a specific reason not to.
To disable password authentication, look for the following line in your sshd_config file:
#PasswordAuthentication yesreplace it with a line that looks like this:
PasswordAuthentication no
Once you have saved the file and restarted your SSH server, you shouldn’t even be asked for a password when you log in.
Restart OpenSSH server
Type the following command:
$ sudo /etc/init.d/ssh restartOR
$ sudo service ssh restart
574
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
