Disable Root Password Login: Setup SSH Keys on AlmaLinux 9
Did you know that within minutes of spinning up a new VPS, bots are already attacking it? If you check your server logs (/var/log/secure), you will likely see thousands of failed login attempts from random IP addresses trying to guess your root password.
If your password is something simple like "server123", they will get in. And once they do, your server becomes part of a botnet.
The solution? SSH keys. This method uses a cryptographic key pair instead of a password. Guessing a 4096-bit private key by brute force is computationally infeasible, which shuts out the password-guessing bots once password login is disabled.
Step 1: Generate Key (On Your Laptop)
First, we need to create a key pair. Think of this as a lock and a key. You keep the Key (Private), and you put the Lock (Public) on the server.
Open your local terminal (CMD or PowerShell) and run:
ssh-keygen -t rsa -b 4096
Press Enter to save to the default location. You can verify it exists by checking your .ssh folder: id_rsa is the private key and id_rsa.pub is the public key.
Step 2: Upload Key to Server
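Now, let's install the "Lock" on your server. The ssh-copy-id tool ships with OpenSSH on Linux and macOS but not with the Windows OpenSSH client; from CMD or PowerShell, append the contents of your .pub file to /root/.ssh/authorized_keys on the server instead. Where it is available, use this command to send your public key: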
ssh-copy-id root@your-server-ip
Step 3: Disable Password Login (The Important Part)
Once you confirm you can log in simply by typing ssh root@your-server-ip (without being asked for a password), it is time to lock the door for everyone else.
Edit the SSH config file:
nano /etc/ssh/sshd_config
Find and change these lines to ensure no one can try to guess a password ever again:
PasswordAuthentication no
PermitRootLogin prohibit-password
Restart SSH to apply changes:
systemctl restart sshd
Now, even if a hacker knows your username, they cannot even attempt a password login; only someone holding your private key file can authenticate.
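Editing sshd_config does not guarantee the setting took effect: the stock AlmaLinux 9 file includes /etc/ssh/sshd_config.d/*.conf near the top, and sshd keeps the first value it reads for each keyword, so a drop-in file (some VPS images ship one) can leave PasswordAuthentication at yes. The script below is an added example, not part of the original post; it checks the effective settings in the lowercase "keyword value" form that sshd -T prints, and the function name and sample inputs are constructed for illustration.

```shell
# Added example (not from the original post): audit sshd's EFFECTIVE settings.
# Input: lines in the lowercase "keyword value" form that `sshd -T` prints.
# Returns 0 only when password guessing is closed off.
audit_sshd() {
    pw=unset; root=unset; kbd=unset; pub=unset; rc=0
    while read -r key val; do
        case "$key" in
            passwordauthentication) pw=$val ;;
            permitrootlogin)        root=$val ;;
            pubkeyauthentication)   pub=$val ;;
            # this keyword was renamed across OpenSSH releases; accept both
            kbdinteractiveauthentication|challengeresponseauthentication) kbd=$val ;;
        esac
    done
    [ "$pw" = no ] || { echo "FAIL passwordauthentication=$pw"; rc=1; }
    # keyboard-interactive (PAM) can still prompt for a password
    [ "$kbd" = no ] || { echo "FAIL kbdinteractiveauthentication=$kbd"; rc=1; }
    [ "$pub" = yes ] || { echo "FAIL pubkeyauthentication=$pub"; rc=1; }
    case "$root" in
        # some OpenSSH versions print prohibit-password as its alias without-password
        prohibit-password|without-password|no) ;;
        *) echo "FAIL permitrootlogin=$root"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK password logins are disabled"
    return "$rc"
}

# Constructed sample: a drop-in file overrode the edit made in sshd_config.
SAMPLE_OVERRIDDEN='permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the settings from Step 3 are actually in effect.
SAMPLE_HARDENED='permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
```

On the server, run it as root with sshd -T | audit_sshd. Running sshd -t before the restart catches syntax errors, and keeping your current session open until a second key-based login succeeds avoids locking yourself out.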
Author: Danang | Daily Innovate Tech
