On Linux servers, it is recommended to use public-key authentication rather than password authentication for SSH. This is especially true when port 22 or SSH will be open to off-campus access through the UCI border firewall.
You can simply copy and paste the code below to download a script that we've set up for this purpose and execute it with sudo:
curl -O -L https://sites.socsci.uci.edu/~jnilsson/sscs/setup-sscs-account.sh
chmod +x ./setup-sscs-account.sh
sudo ./setup-sscs-account.sh
Or if you prefer to run commands yourself, these are the equivalent commands:
SSCS_HOME=/home/sscs
# Create the sscs account and give it sudo rights
sudo useradd -c "Computing Services" -m -d "$SSCS_HOME" -s /bin/bash sscs
echo "sscs ALL=(ALL) ALL" | sudo tee /etc/sudoers.d/sscs > /dev/null
# Create ~/.ssh and authorized_keys with the permissions sshd expects
sudo mkdir -p "$SSCS_HOME/.ssh"
sudo chmod 700 "$SSCS_HOME/.ssh"
sudo touch "$SSCS_HOME/.ssh/authorized_keys"
sudo chmod 600 "$SSCS_HOME/.ssh/authorized_keys"
sudo chown -R sscs:sscs "$SSCS_HOME/.ssh"
# Authorize the SSCS staff public keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@storgy.local" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoygQr0UQLtpguLWJYiEBZWXUFEkUXVacE6sBZtn/6Z jnilsson@devjpn" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH3jg7avVgdyx1jltUp9nJ02DOE9XH3hfcGBQI6KrVs sscs@gunship" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqAc8VSY9DFEzzumkn1d2S1ytpYOWHSJkbOWN1HjFQR sscs@crateria" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4u9RrufB93/AS2lsBVet4+U5rizO8noDKTSHhcLmli justip6@Zaire" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErG9uQN2VUNqIjNowRw1J18T8dORd2HhJi3zl9Vs7+t justip6@zeon.ss2k.uci.edu" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
If you don't want the home directory to be /home/sscs, you can easily set your own SSCS_HOME variable to whatever location you choose and then copy/paste the rest of the commands. Or if you download the setup-sscs-account.sh script and you want to change the location of the sscs account home directory, modify the script accordingly before executing it.
Disabling password authentication is generally as simple as setting the option PasswordAuthentication no in the /etc/ssh/sshd_config file and then restarting the sshd service.
However, we've discovered that some Linux distributions add another configuration file, /etc/ssh/sshd_config.d/50-cloud-init.conf, which contains PasswordAuthentication yes to force password authentication to be enabled.
sshd uses the first value it obtains for each option, so the file that is read first wins. Therefore, the easiest way to universally disable password authentication is to create a new file in /etc/ssh/sshd_config.d/ that sorts lexicographically before any other files that might be created there, such as 00-disable-password-auth.conf, containing:
PasswordAuthentication no
After setting the PasswordAuthentication option to no, you must reload the sshd daemon for this setting to take effect:
systemctl reload ssh     # Debian and Ubuntu name the service ssh
systemctl reload sshd    # RHEL, Fedora and similar name it sshd
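
To check which drop-in actually decides the setting, the following added example (not part of the SSCS script) walks a sshd_config.d directory in lexical order and reports the first file that sets PasswordAuthentication. The function name first_password_auth is hypothetical, and as a simplification anything after a Match line in a file is treated as conditional and skipped.

```sh
#!/bin/sh
# Added example, not the SSCS setup script.
# sshd keeps the first value it reads for a keyword, and the *.conf files in
# sshd_config.d are read in lexical order, so the first file that sets
# PasswordAuthentication decides the outcome.

# first_password_auth DIR
#   prints "<value> <file>" for the first drop-in that sets the option,
#   or "unset" if no drop-in in DIR sets it.
first_password_auth() {
    dir=$1
    for f in "$dir"/*.conf; do          # glob expands in sorted order
        [ -f "$f" ] || continue         # unmatched glob or non-regular file
        val=$(awk -F'[ \t=]+' '
            { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments, indent
            tolower($1) == "match" { exit }          # rest is conditional
            tolower($1) == "passwordauthentication" {
                print tolower($2); exit              # keywords ignore case
            }
        ' "$f")
        if [ -n "$val" ]; then
            echo "$val $f"
            return 0
        fi
    done
    echo "unset"
}

# Stand-alone use: sh check.sh /etc/ssh/sshd_config.d
if [ $# -gt 0 ]; then
    first_password_auth "$1"
fi
```

On a live host, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd itself resolves, including anything set in the main sshd_config.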