How to Disable SSH Password Authorization Tweak in WHM
The SSH Password Authorization Tweak in WHM allows you to disable password-based SSH login, forcing users to authenticate using SSH keys instead. This significantly improves server security because there is no longer a password for brute-force attacks to guess.
Why Disable SSH Password Authentication?
- Prevents brute-force attacks: Bots constantly attempt to guess SSH passwords. Key-based auth eliminates this risk.
- Stronger security: SSH keys are cryptographically much stronger than passwords.
- Compliance: Many security standards require key-based authentication.
Method 1: Via WHM Interface
- Log in to your cPanel/WHM.
- Search for "SSH" in the search bar.
- Click on "SSH Password Authorization Tweak".
- Click the "Disable" button.
Method 2: Via SSH Command Line
Edit the SSH daemon configuration directly:
    # Open the SSH config file
    nano /etc/ssh/sshd_config

    # Find and change the following line:
    PasswordAuthentication yes

    # Change it to:
    PasswordAuthentication no

    # Save the file and restart SSH
    systemctl restart sshd
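A check worth running after the edit in Method 2, as an added example that is not part of the original page: sshd uses the first value it reads for each keyword, so an earlier `PasswordAuthentication yes` or an edit made to a commented-out line leaves password logins enabled. The function names and the sample file are constructed for illustration, and the script assumes a single config file (it does not follow `Include` or `Match` blocks).

```shell
#!/bin/sh
# Added example (not from the original page): report the value sshd would use
# for a keyword in the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for each keyword; later lines are ignored.
# Assumption: Include files and Match blocks are not followed here.

effective_sshd_value() {
    # $1 = config file, $2 = keyword, $3 = built-in default when unset
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        /^[ \t]*(#|$)/ { next }                      # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ", line)   # "Key=value" or "Key value"
            n = index(line, " ")
            key = tolower(n ? substr(line, 1, n - 1) : line)
            if (key == "match") exit                 # global section ends here
            if (key == want) {
                val = n ? substr(line, n + 1) : ""
                sub(/[ \t]+$/, "", val)
                exit                                 # first value wins
            }
        }
        END { print tolower(val) }
    ' "$1"
}

password_auth_enabled() {
    # Succeeds (exit 0) when password logins are still allowed by the file.
    [ "$(effective_sshd_value "$1" PasswordAuthentication yes)" = "yes" ]
}

# Constructed sample: the "no" line was added below an existing "yes".
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication no' > "$sample"
if password_auth_enabled "$sample"; then
    echo "Password logins still enabled: fix the first PasswordAuthentication line"
fi
rm -f "$sample"
```

On the server itself, `sshd -t` validates the file before the restart, and `sshd -T | grep -i passwordauthentication` prints the value sshd actually resolved, included files and all.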
Important: Set Up SSH Keys First!
Before disabling password authentication, make sure you have SSH key-based access configured. Otherwise, you will lock yourself out of the server.
Generate an SSH Key Pair
    # On your local machine
    ssh-keygen -t rsa -b 4096

    # Copy the public key to your server
    ssh-copy-id root@your-server-ip
Test Key-Based Login
    ssh root@your-server-ip

If you can log in without being asked for the account password (a prompt for the key's own passphrase, if you set one, is expected), key-based authentication is working and it is safe to disable password auth.
Video Tutorial
Watch the full tutorial: https://www.youtube.com/watch?v=nACPSPn46Nw