mico/systems-guide
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Locking password auth for admin user

Browse Source
This commit is contained in:
mic0 2025-11-26 18:12:29 +01:00
parent ba46a5e80f
commit e168e78b31
No known key found for this signature in database
GPG Key ID: 8E103C91321755A8
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
00_setup.md
View File

@ -92,6 +92,19 @@ nvim .ssh/authorized_keys # paste relevant SSH public keys in here
Try opening a new terminal and ssh-ing into `admin` user on the server, it should work.
### Locking the `admin` account password login
⚠️ *Be sure you can SSH with another sudo enabled account like `root` otherwise you WILL LOCK YOURSELF out of the machine.*
Run the following one-liner:
```sh
echo -e '\nMatch User admin\n PasswordAuthentication no' | sudo tee -a /etc/ssh/sshd_config > /dev/null && \
sudo sshd -t && sudo systemctl restart sshd
```
It will add an entry to the end of the file for user `admin` that prohibits logging in with user/pass.
### Locking the `root` account
⚠️ *Be sure you can SSH with another sudo enabled account like `admin` otherwise you WILL LOCK YOURSELF out of the machine.*
@ -100,8 +113,9 @@ Go back to `root` account now, otherwise you will need to `sudo` the commands be
The following commands will lock out the root by configuring `/etc/ssh/sshd_config` file.
```sh
sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config &&
sed -i 's/#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config &&
sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config &&
systemctl restart sshd
````