How to disable password authentication and create login alerts in Linux

Small tips for securing SSH logins on a server

1. Disable Password Login

Edit /etc/ssh/sshd_config and set the following

Now you can only log in via SSH keys. Generate your local keys using the command below

Copy the id_rsa.pub key to the remote server that you want to SSH into.

Then append your id_rsa.pub to the authorized_keys file of the user account on the server, i.e. /root/.ssh/authorized_keys

2. Random Passwords

Set all user passwords to large pseudo-random strings.
i.e. I set all users on all servers with different passwords looking like this:
Z4Q7H6pI53Xtsbgs8qKC
20 random alpha-numeric characters (a-z, A-Z, 0-9)

See here for more passwords: https://www.grc.com/passwords.htm
You can test the password with the brute force search space calculator at https://www.grc.com/haystack.htm

3. Login alerts by email

Every time a user logs in to the system, you should get an email alert.
For that I put login_alert.sh in place and appended it to the end of /etc/profile

Then create a file /etc/login_alert.sh

So you will get an email like this every time someone logs in to the server.
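A login alert script of the kind step 3 describes, as an added example (not the author's original script). It assumes the mailx `mail` command and a working local mail setup; `ALERT_TO`, the address `admin@example.com` and the `login_alert_*` function names are placeholders chosen here.

```shell
#!/bin/sh
# /etc/login_alert.sh - added example; source it from the end of /etc/profile:
#   . /etc/login_alert.sh
# Assumptions: mailx "mail" command and a local MTA; ALERT_TO is a placeholder.
ALERT_TO="${ALERT_TO:-admin@example.com}"

# Print the client IP from an SSH_CONNECTION value
# ("client_ip client_port server_ip server_port"), or "local" if it is empty.
login_alert_source() {
    case "$1" in
        "") echo "local" ;;
        *)  echo "${1%% *}" ;;
    esac
}

# Build the alert body from explicit arguments so it can be checked offline.
# usage: login_alert_body USER HOST SSH_CONNECTION TIMESTAMP
login_alert_body() {
    printf 'Login on %s\n' "$2"
    printf 'User:   %s\n' "$1"
    printf 'Source: %s\n' "$(login_alert_source "$3")"
    printf 'Time:   %s\n' "$4"
}

# Send the alert; never block or fail the login when mail is unavailable.
login_alert_send() {
    command -v mail >/dev/null 2>&1 || return 0
    login_alert_body "$1" "$2" "$3" "$4" |
        mail -s "Login alert: $1@$2 from $(login_alert_source "$3")" "$ALERT_TO" \
        >/dev/null 2>&1 || return 0
}

# Alert only for SSH sessions; the subshell plus "&" keeps the login from
# waiting on mail delivery and avoids job-control messages in the user's shell.
if [ -n "${SSH_CONNECTION:-}" ]; then
    ( login_alert_send "$(id -un)" "$(hostname)" "$SSH_CONNECTION" \
        "$(date '+%Y-%m-%d %H:%M:%S %Z')" & )
fi
```

/etc/profile is read only by login shells, so a session that runs a single command (`ssh host command`) does not trigger this alert.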

Tapas Mishra

Sr. Engineer (DevOps)