webinstall.dev/sshd-prohibit-password Star on GitHub

SSH Prohibit Password: Because friends don't let friends ssh with passwords

https://webinstall.dev/sshd-prohibit-password| Installer Source| Releases (json) (tab)

Files

These are the files / directories that are created and/or modified with this install:

~/.config/envman/PATH.env
~/.local/bin/sshd-prohibit-password
/etc/ssh/sshd_config

Cheat Sheet

Will check if your system This will check if your Modern SSH deployments are key-only and don't allow root login. However, there's a lot of legacy systems out there.

sshd-prohibit-password will inspect /etc/ssh/sshd_config and

  1. Enforce that PasswordAuthentication is no
  2. Enforce that PermitRootLogin is no or prohibit-password
    (or without-password, for older systems)
  3. (macOS only) Enforce that UsePAM is no

This will run automatically and uses sudo to make changes.

What's checked and changed?

- #PasswordAuthentication yes
+ PasswordAuthentication no

- #PermitRootLogin yes
+ PermitRootLogin prohibit-password

  # macOS only
- UsePAM yes
+ UsePAM no

How to restart SSH?

# Ubuntu / Debian / RedHat
sudo systemctl restart sshd

# Alpine / Gentoo
sudo rc-service sshd restart

# macOS
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist

# others
killall sshd

Contribute

Report an Issue Submit Installer Star on GitHub