Lockdown Lab #7 CRITICAL Linux (Ubuntu/RHEL)

Enforce SSH key-based authentication

Enforce SSH key-based authentication

Let’s talk about the lowest hanging fruit for botnets: password-based SSH. If you’re still allowing it, you’re not just leaving a door open; you’re putting out a welcome mat for Mirai and its cousins. This isn’t theoretical; it’s the number one vector for automated attacks.

The 2024 XZ Utils backdoor attempt underscored how critical defense-in-depth is, especially for foundational services. Password authentication for SSH is archaic and dangerous, especially when public key infrastructure is so readily available and secure.

The fix is simple, effective, and mandatory. Disable password authentication entirely.

In your sshd_config: PasswordAuthentication no PubkeyAuthentication yes

Then restart your SSH daemon: sudo systemctl restart sshd

If you’re not doing this, you’re operating with a critical vulnerability that’s easily exploitable. This is basic hygiene, not advanced security.

Go check your configs. Now.

The fix

# /etc/ssh/sshd_config

PasswordAuthentication no

PubkeyAuthentication yes

# Restart sshd

sudo systemctl restart sshd

Reference: CIS Linux Benchmark 5.2.12

Mark this as done

Open the interactive hardening checklist and tick this off in your environment.

Open interactive checklist →

Related Posts

Enable MFA for all users

If a single stolen password can unlock your entire Azure estate, you're not just at risk, you're practically inviting disaster. This isn't theoretical; this is...

lockdown-labhardeningazureidentity
/Shimi Cohen

Enable MFA for all users

If I had a nickel for every breach that started with a single compromised password, I'd have retired years ago. It's the oldest trick in...

lockdown-labhardeningazureidentity
/Shimi Cohen

Enable MFA on root account

Let's talk about the keys to the kingdom. Your AWS root account is exactly that – unrestricted access to everything, including billing. I've seen organizations...

lockdown-labhardeningawsidentity
/Shimi Cohen