avatarStringMeteor

Summary

This article provides a step-by-step guide on how to secure SSH Remote Login on macOS by disabling password authentication and enabling public key authentication.

Abstract

The article discusses the importance of securing SSH servers by disabling password authentication and only allowing access via secure public key authentication. It provides a detailed guide on how to make changes to the SSH server configuration file on macOS to achieve this. The guide includes steps such as opening the Terminal app, editing the SSH server configuration file, and changing the PasswordAuthentication setting from yes to no. The article also provides an alternative method for disabling password authentication using a shell script. After completing the steps, users will only be able to access the server using a private key that is paired with a public key that has been added to the server’s authorized keys file. The article concludes by providing further reading on related topics.

Bullet points

  • Disabling password authentication is an effective way to secure an SSH server.
  • Changes need to be made to the SSH server configuration file to disable password authentication.
  • The guide provides step-by-step instructions on how to edit the SSH server configuration file on macOS.
  • The PasswordAuthentication setting needs to be changed from yes to no in the SSH server configuration file.
  • After completing the steps, users will only be able to access the server using a private key that is paired with a public key.
  • The article provides an alternative method for disabling password authentication using a shell script.
  • Further reading on related topics is provided at the end of the article.

Security

Secure Your macOS Remote SSH Access by Disabling Password Login

How to secure the SSH Remote Login feature on macOS in a few simple steps.

One of the most effective ways to secure an SSH server is to disable password authentication and only allow access via secure public key authentication. To do that it is necessary to perform some changes to a single configuration file present in your system. In this article I’ll show you how to do it in a few simple steps.

Photo by LEEROY Agency from Pixabay

Step-by-step guide

Follow these steps to change the default access behavior:

  1. Open the Terminal app on your macOS system.
  2. Run the following command to edit the SSH server configuration file:
sudo nano /etc/ssh/sshd_config

In the sshd_config file, locate the PasswordAuthentication setting and change its value from yes to no:

# Change these options:

# PasswordAuthentication yes

# This option appears only in old versions of macOS
# ChallengeResponseAuthentication yes

# This option appears only in new versions of macOS
# KbdInteractiveAuthentication yes
# To this:

PasswordAuthentication no

# This option appears only in old versions of macOS
ChallengeResponseAuthentication no

# This option appears only in new versions of macOS
KbdInteractiveAuthentication no

3. Save the changes to the sshd_config file by pressing CTRL+O and then CTRL+X to exit the text editor.

4. Now head to the Settings app and to the Sharing pane options. Disable and re-enable the Remote Login option.

After completing these steps, password authentication will be disabled for SSH on your macOS system. This means that users will only be able to access the server using a private key that is paired with a public key that has been added to the server’s authorized keys file. This provides an extra layer of security, as it ensures that only users with a valid private key can gain access to the server.

Shell script for the lazy — alternative to manual editing config files

Are you too lazy for manually editing configuration files to disable password authentication for SSH on your macOS system? Let this shell script do the work for you! This pre-crafted script makes it easy to disable password authentication without touching system configuration files.

Remember, also in this case, to disable and re-enable Remote Login from the Settings app.

I hope this article has provided you with some useful tips for improving the security of your SSH Remote Login on macOS. If you’re interested in further improving it, be sure to check out th next article on the subject. In it, I’ll show you how to change the default listing port for the SSH Remote Login:

And if you’ve encountered any issues replicating the steps in this article on your Mac, feel free to leave a comment below. So stay tuned, and keep your remote access secure!

If you liked 👏 this article you may enjoy reading through some of my other articles. Oh, and don’t forget to follow me! 🫵

Further reading

Below, you can find a list of related articles:

Ssh
Macos
Networking
Cybersecurity
Technology
Recommended from ReadMedium