From e168e78b31268c275ad0200c4651d19818fcae3f Mon Sep 17 00:00:00 2001 From: mico Date: Wed, 26 Nov 2025 18:12:29 +0100 Subject: [PATCH] Locking password auth for admin user --- 00_setup.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/00_setup.md b/00_setup.md index 6f377db..e4b58a8 100644 --- a/00_setup.md +++ b/00_setup.md @@ -92,6 +92,19 @@ nvim .ssh/authorized_keys # paste relevant SSH public keys in here Try opening a new terminal and ssh-ing into `admin` user on the server, it should work. +### Locking the `admin` account password login + +⚠️ *Be sure you can SSH with another sudo enabled account like `root` otherwise you WILL LOCK YOURSELF out of the machine.* + +Run the following one-liner: + +```sh +echo -e '\nMatch User admin\n PasswordAuthentication no' | sudo tee -a /etc/ssh/sshd_config > /dev/null && \ +sudo sshd -t && sudo systemctl restart sshd +``` + +It will add an entry to the end of the file for user `admin` that prohibits logging in with user/pass. + ### Locking the `root` account ⚠️ *Be sure you can SSH with another sudo enabled account like `admin` otherwise you WILL LOCK YOURSELF out of the machine.* @@ -100,8 +113,9 @@ Go back to `root` account now, otherwise you will need to `sudo` the commands be The following commands will lock out the root by configuring `/etc/ssh/sshd_config` file. ```sh -sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config -sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config +sed -i 's/PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && +sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config && +sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && systemctl restart sshd ````
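Review bot: In the new `admin` section of `00_setup.md`, the one-liner appends the `Match User admin` block to `/etc/ssh/sshd_config` before `sudo sshd -t` runs, so a failed validation leaves the appended lines in the file and a second run appends the block again. Consider validating a candidate copy first (for example `sshd -t -f` on a temporary file) and only then replacing the live config, or guarding the append with a `grep -q 'Match User admin'` check so the step is idempotent. Since the fence is tagged `sh`, `printf` would be more portable than `echo -e`. The warning text also looks carried over from the `root` section: for this step the precondition that matters is that key-based login for `admin` has already been confirmed working, which the preceding "Try opening a new terminal" step covers, so the warning could point back to it.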
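Review bot: In the `root` lockout hunk, the new `sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/'` no longer handles a commented-out default: a line such as `#PasswordAuthentication yes` becomes `#PasswordAuthentication no` and stays commented, so password login is not actually disabled on a config where the directive was never uncommented. The removed `#PasswordAuthentication` variant covered that case, and `PermitRootLogin` still gets both passes while `PasswordAuthentication` does not. Anchoring the pattern handles both forms in one pass, e.g. `s/^#\?PasswordAuthentication.*/PasswordAuthentication no/` and the same for `PermitRootLogin`; the anchor also stops the unanchored patterns from rewriting any other line that merely contains those strings, such as explanatory comments. Finally, this block restarts `sshd` without the `sshd -t` check that the `admin` one-liner uses; adding it before `systemctl restart sshd` would keep the two sections consistent.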