SSH: Allow only certain users to login with password

I got tired of the SSH failed login spam most public servers get. Allowing password login only for the users who really need it is an easy way to reduce login spam and also shrink the server's attack surface somewhat.

Create the specified user group and add users to it:

# groupadd -r password
# usermod -G password <user>

Append to /etc/ssh/sshd_config:

# Can't login with a password if not a member of the group "password"
PasswordAuthentication no
Match group password
    PasswordAuthentication yes

Also check that there are no other PasswordAuthentication directives effective in the file. Restart sshd. Test the login before killing existing connections.

{{ message }}

{{ 'Comments are closed.' | trans }}