Force SSH to ask password when using keys for authentication

This is for those of you who want to know how to force SSH to ask for a password (not the user login password), the one used to create the public and private key pair using OpenSSH.

You can force SSH to ask for the key password by modifying the files /etc/ssh/sshd_config and /etc/ssh/ssh_config. In the bargain, you get real strong authentication security, with better immunity to brute-force attacks.

In /etc/ssh/sshd_config, do following:
# vi /etc/ssh/sshd_config
Protocol 2
HostKeys all remarked with #
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
:wq

# vi /etc/ssh/ssh_config
Protocol 2
:wq

Restart the SSH daemon on your computer (command could vary between Linux distributions).
# /sbin/service sshd restart

Do not attempt to log in using SSH from the client, but first logout and then log back in again.
Now you can test your SSH configuration from the remote computer.
You should be asked for the key pair password.

If you do not get to the SSH host, then you will need to cross-check the iptables firewall settings on the SSH host and open port 22 on it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s