/ Security

Enable Password Based Authentication for SSH

Today I am going to show how we can enable password-based authentication for SSH on servers.
Server providers like Amazon and Digital Ocean, disable SSH password authentication by default. Amazon provides pem file and Digital Ocean ask for SSH keys during the server creation so you can only log in over SSH using public key authentication.

Following are the things required before you start the process:

  1. Already setup server.
  2. Public key file for server.
  3. Ubuntu OS.

Steps:

Following are the steps you need to follow to enable it

  1. Connect to SSH using the public key authentications
    $ ssh ubuntu@SERVER_IP_ADDRESS -i <publick-key>
  2. Setup password for user for whom you want to enable password based authentication to be enabled.
    $ sudo passwd <username>
    ex:
    $ sudo passwd ubuntu
    System would ask for password to set like as shown below
    set-password
  3. Now to enable SSH password authentication, you must SSH in as root to edit this file: /etc/ssh/sshd_config
    $ sudo nano /etc/ssh/sshd_config
  4. Then, change the line
    PasswordAuthentication no
    to
    PasswordAuthentication yes
    password-authentication
  5. After making that change, restart the SSH service by running the following command as root:
    $ sudo service ssh restart

Enable Logging In as root

Some providers also disable the ability to SSH in directly as root. In those cases, they created a different user for you that has sudo privileges (often named ubuntu). With that user, you can get a root shell by running the command.

  1. Access root user by
    $ sudo su
  2. Then set the password for root user by
    $ sudo passwd root or $ passwd root
    set-password-root
  3. Open the config file: /etc/ssh/sshd_config
    $ sudo nano /etc/ssh/sshd_config
    And change the line
    PermitRootLogin no
    to
    PermitRootLogin yes
    permit-root-login
  4. After making that change, restart the SSH service by running the following command as root:
    $ sudo service ssh restart

After performing the above steps now you can SSH to server using following commands
$ ssh ubuntu@SERVER_IP_ADDRESS
or for root user
$ ssh root@SERVER_IP_ADDRESS
And the system would ask for password, after that you are givn the access to the server.

The biggest advantage of this is we can access the server instance from any machine and we don't require any key-file. Where as in public-key authentication we need to have file on the machine to able to access instance.

Note: This methodology is useful for small and personal projects. It is not a good practise for enterprise applications.

Enable Password Based Authentication for SSH
Share this

Subscribe to Logicwind