WARNING: This step will lock down password-based logins, so ensuring that you will still be able to get administrative access is crucial.
Before proceeding, make sure that you do, indeed, have SSH-key authentication access configured for at least one user with sudo privileges.
NOTE: Best practice is that the configured administrative user is not actually the root user. But, is a non-root user, with sudo privileges.
**Note:** If you are setting up a DigitalOcean VM, and provided an SSH key when creating a droplet, password authentication may have been automatically disabled. You can still verify this by reading on.
Once you’ve confirmed that your remote account has administrative privileges (has sudo access), log into your remote server with SSH keys. Then, open up the SSH daemon’s configuration file: ```bash sudo nano /etc/ssh/sshd_config ``` Inside the SSH config file, search for a directive called `PasswordAuthentication`. This line may be commented out with a `#` at the beginning of the line. Uncomment the line by removing the `#`, and set the value to `no`. This will disable your ability to log in via SSH using account passwords: ```bash . . . PasswordAuthentication no . . . ``` Save and close the config file when you are finished by pressing `CTRL+X`, then `Y` to confirm saving the file. To actually activate the updated SSH config changes, we need to restart the `sshd` service: ```bash sudo systemctl restart ssh ``` As a precaution, open up a new terminal window and test that the SSH service is functioning correctly before closing your current session: ```bash ssh username@remote_host ``` Once you have verified your SSH service is functioning properly, you can safely close all current server sessions. The SSH daemon on your Ubuntu server now only responds to SSH-key-based authentication. Password-based logins have been disabled.