🤑 Join the Treehouse affiliate program and earn 25% commission!

✨ No-code curious? Check out 4 new FREE Adalo courses and start building an app in minutes — no code required!

🌟 Dreaming of a bright future? 🎓 Ask about the Treehouse Scholarship program! 🚀

Well done!

You have completed App Deployment Accounts!

Sign up for Treehouse Back to Library

Preview

Sign up for Treehouse

Preventing Password and Root Logins

2:52 with Jay McGavren

There are two more steps we should take to secure our server. First, since we want all our users to use SSH keys, we should prevent *any* user from logging in using a password. Second, it's still possible for someone to log in as the `root` account (which has full control of the system) if they can guess the password, so it's best to disable logging in as `root` completely.

Teacher's Notes
Questions?
Video Transcript
Downloads
Workspaces

On the server: sudo nano /etc/ssh/sshd_config and modify or add the following settings:
- PermitRootLogin: no
- PasswordAuthentication: no
sudo service ssh restart

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

There's two more issues we need to address before we're done. 0:00

The first is that even though we've set up an ssh key for 0:03

our deployment user a password can still be used to log into that account. 0:06

The second is that people can still log in as the system administrative account 0:11

also known as root. 0:15

We're going to fix both those issues to make our system a little more secure. 0:16

Now that we have sudo access set up for 0:20

our deployed count,we can just use that instead of our developer account. 0:22

So we're going to use sudo to run the nano command. 0:26

And we're going to use that to edit the file in the etc directory, 0:32

ssh sub directory and the file is named sshd_config. 0:37

Okay so that'll bring the file up in our editor, and the setting we're looking for 0:45

here is the PermitRootLogin setting. 0:50

Right here, it's set to prohibit-password so 0:53

that you can't log in as root using a password. 0:55

It might be set to yes on your system which would allow root to login 0:58

using a password which is even worse. 1:01

But we actually want to change this setting whatever it's currently set to 1:03

to no. 1:07

So that you can't log in as root on the system at all. 1:08

Then below that line. 1:12

We're going to add a new line with a new setting. 1:13

It's called PasswordAuthentication, With a capital P and a capital A. 1:16

And we're going to say no, 1:26

PasswordAuthentication is not allowed on this system. 1:27

This will make it so 1:31

that only users with SSH keys are allowed to log in at the system. 1:32

So let's hit Ctrl + O to write the file out. 1:37

Hit Enter and accept the default and press Ctrl + X to exit. 1:40

Then we need to restart the SSH service to ensure that our changes get picked up. 1:46

So we're going to run sudo service ssh restart. 1:49

Now let's exit out of the server. 1:57

And let's check that our changes worked. 2:01

First, we're going to try logging in using our developer account. 2:02

So ssh jay@hostcom. 2:05

And you'll notice that it didn't even ask me for a password, 2:13

it just checks whether I had a public key associated with my account. 2:16

And since I didn't, it simply denied me. 2:19

Now let's try logging back in and start deploy user which does have a private key. 2:22

So ssh deploy@hostcom. 2:26

And you'll notice we get in immediately. 2:31

So we've set it up, so that the root account is disabled. 2:34

We've also ensured that only uses that have ssh keys setup can access the system. 2:37

So now you have a separate deployment account with full control over your server 2:42

ready for use whenever you need to deploy your app. 2:46

You've taken an important step in keeping your app secure. 2:49

You need to sign up for Treehouse in order to download course files.

Sign up

You need to sign up for Treehouse in order to set up Workspace

Sign up