I have an Ubuntu server hosted on DigitalOcean, I have been using SSH keys since

Question

I have an Ubuntu server hosted on DigitalOcean, I have been using SSH keys since the very beginning. (You can chose for it to be setup before the server instance has even been created). So I have never logged in remotely with a password.

I just checked my logs, and as expected there are hundreds of login attempts. I know I can install something like fail2ban, but I was just wondering if there actually is a password for it? I have never set one up, so I just assumed it would only be possible to login with an SSH Key.

How can I check this? If there is one, is it possible to just disable it?

Explanation / Answer

but I was just wondering if there actually is a password for it?

Yes. SSH uses your system users (that's the whole idea of it, to allow users to remotely access a systems account), so there is a password for it (stored in /etc/shadow)

If there is one, is it possible to just disable it?

Yes. You can (and should, as you are not using your password as you don't even know it) set PasswordAuthentication no in your SSH config file (/etc/ssh/ssh_config for global, ~/.ssh/config for user specific config). Afterwards you need to restart SSH for it to take affect (sudo /etc/init.d/ssh restart)

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.