all following changes was made in sshd_config
and you need root permission to do this. Open file with sudo nano /etc/ssh/sshd_config
or any other editor.
Disable root access#
Before you do this step, make sure you have another user that is in sudo
gorup. Check Initial Server Setup on Cloud Services post if you need help with that.
Now open sshd_config
file and find and uncomment following line
# ...
PermitRootLogin no
# ...
Save this file and restart ssh server
sudo systemctl restart ssh
From now on, you will not be able to connect to your server with root
user.
Disable password access#
It is good security practice to enable access to your SSH server only with certificates. To set-up this feature check Settig Up SSH Keys for Ubuntu post.
Do not forget your password as you will need it when you trying to run commands in as privileged user.
Enable password Authentication for specific users#
In certain situations you will need to enable password authentication for specific users.
Check Initial Server Setup on Cloud Services post if you need help with creating new user.
Do not adding this user to sudo
group because you weakening your security. My advice is to enable this feature if your need it really only for non root users and only for specific users.
To enable it edit sshd_config
file and add following lines at the end of file
Match User mia
PasswordAuthentication yes
This will allow to user mia
to login with her password but other users will need certificate for login.