I wasn’t aware of how often bots try to brute force their way in to web applications until I spun up my own VPS. By running the tail -f /var/log/auth.log command I can see current (failed) attempts to log in happening in real time.

I’ve been managing my server through the nyoki user (which has admin privileges), and the more I read about managing a server it becomes clear that having root access available by password authentication is dangerous.

Disabling Password Authentication

In the /etc/ssh/ssdh_config I updated this line:

57: PasswordAuthentication no 

Next, I had to edit this other file $ sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf and also disable the password authentication there.

Now I can only sign in to Mojave with an SSH key. So cool 😎