0

I'm in the process of hardening the security of a root VPS that runs Ubuntu 24.04. The recent Ubuntu versions use socket-based activation, and from my understanding, they don't execute the sshd_config file, so changing this file is useless. I want to keep using the socket-based activation for SSH, as it seems faster and consumes fewer resources than sshd.

I found out how to change the port to a custom port which is hard to guess, but I can't seem to find how to disable password authentication (my server was previously hacked through an easy password, and I don't wish this to repeat).

Note: By password authentication, I mean disabling SSH access with a password, allowing only public/private key based authentication.

2 Answers

2

From the implementation announcement:

On new installs of Ubuntu 22.10 or later, the OpenSSH change in behavior should be completely transparent to users.

sshd_config is still read, is still the place to enable key-based authentication, and is still the place to disable password-based authentication.

The only config changes required by socket-based sshd are for complex setups (Port and ListenAddress settings). How to handle those is also explained in the announcement.

Everything else remains the same.

  • "socket-based sshd" simply means that sshd is not running continuously. Instead, systemd monitors the port and then starts sshd when an inbound connection attempt is detected. sshd still runs, still handles authentication, and still uses sshd settings.
user535733
  • 68,493
0

Read man sshd_config, and add "PasswordAuthentication no" to /etc/sshd_config (hint: man sudoedit), then restart sshd.

waltinator
  • 37,856
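
Added example, not part of either answer above: a check that the setting actually took effect, reading the effective configuration that `sshd -T` prints rather than the file that was edited. It goes slightly beyond the answers by also checking keyboard-interactive authentication, and it assumes the stock Ubuntu layout (/etc/ssh/sshd_config with drop-ins in /etc/ssh/sshd_config.d/); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): confirm that sshd really
# refuses passwords, using the effective configuration from `sshd -T`.

# Read `sshd -T` output (lowercase "keyword value" lines) on stdin.
# Returns 0 only if password logins are off and public keys are on.
check_sshd_auth() {
    awk '
        $1 == "passwordauthentication"       { pw  = $2 }
        $1 == "kbdinteractiveauthentication" { kbd = $2 }
        $1 == "pubkeyauthentication"         { pk  = $2 }
        END {
            bad = 0
            if (pw  != "no")  { print "FAIL passwordauthentication=" pw;        bad = 1 }
            if (kbd != "no")  { print "FAIL kbdinteractiveauthentication=" kbd; bad = 1 }
            if (pk  != "yes") { print "FAIL pubkeyauthentication=" pk;          bad = 1 }
            if (!bad) print "OK key-only authentication"
            exit bad
        }'
}

# List every line that sets PasswordAuthentication under a config root.
# sshd keeps the first value it reads for a keyword, so a drop-in pulled in
# by an Include at the top of sshd_config wins over a later line in that file.
list_password_directives() {
    root=${1:-/etc/ssh}
    grep -HniE '^[[:space:]]*PasswordAuthentication[[:space:]]' \
        "$root/sshd_config" "$root"/sshd_config.d/*.conf 2>/dev/null
}

# Constructed sample of `sshd -T` output from a host where a drop-in still
# enables passwords (not captured from a real server).
SAMPLE_WEAK='port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Demo on the sample. On a real host run:  sudo sshd -T | check_sshd_auth
printf '%s\n' "$SAMPLE_WEAK" | check_sshd_auth || echo "sample host still accepts passwords"
```

If the check fails after editing the main file, `list_password_directives` shows which file is still setting the keyword.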