{"id":10927,"date":"2026-04-11T10:31:55","date_gmt":"2026-04-11T10:31:55","guid":{"rendered":"https:\/\/bitep.net\/blog\/2026\/04\/11\/ubuntu-24-04-ssh-key-disable-password-login\/"},"modified":"2026-04-11T10:31:55","modified_gmt":"2026-04-11T10:31:55","slug":"ubuntu-24-04-ssh-key-disable-password-login","status":"publish","type":"post","link":"https:\/\/bitep.net\/blog\/2026\/04\/11\/ubuntu-24-04-ssh-key-disable-password-login\/","title":{"rendered":"Ubuntu 24.04 server-d\u0259 SSH key il\u0259 giri\u015f v\u0259 password login-in s\u00f6nd\u00fcr\u00fclm\u0259si"},"content":{"rendered":"

Ubuntu 24.04 server qurduqdan sonra \u0259n vacib t\u0259hl\u00fck\u0259sizlik add\u0131mlar\u0131ndan biri SSH giri\u015fini daha g\u00fccl\u00fc etm\u0259kdir. \u018fn z\u0259if ssenaril\u0259rd\u0259n biri serverin internet\u0259 a\u00e7\u0131q qalmas\u0131 v\u0259 istifad\u0259\u00e7il\u0259rin h\u0259l\u0259 d\u0259 yaln\u0131z parol il\u0259 daxil olmas\u0131d\u0131r. Bu v\u0259ziyy\u0259td\u0259 brute-force h\u00fccumlar\u0131, bot trafiki v\u0259 z\u0259if parol riski ciddi problem yarad\u0131r.<\/p>\n

Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04 serverd\u0259 SSH key il\u0259 giri\u015f qurma\u011f\u0131<\/strong> v\u0259 daha sonra password login-i s\u00f6nd\u00fcrm\u0259yi<\/strong> add\u0131m-add\u0131m g\u00f6st\u0259r\u0259c\u0259y\u0259m. M\u0259qs\u0259d odur ki, server\u0259 yaln\u0131z sizd\u0259 olan private key il\u0259 daxil olmaq m\u00fcmk\u00fcn olsun.<\/p>\n

Niy\u0259 SSH key password-dan daha t\u0259hl\u00fck\u0259sizdir?<\/h2>\n

SSH key \u0259sasl\u0131 giri\u015fd\u0259 iki hiss\u0259 olur: public key v\u0259 private key. Public key server\u0259 yerl\u0259\u015fdirilir, private key is\u0259 sizin cihaz\u0131n\u0131zda qal\u0131r. Server giri\u015f zaman\u0131 h\u0259min c\u00fctl\u00fcy\u00fcn uy\u011funlu\u011funu yoxlay\u0131r. Bu yana\u015fma sad\u0259 parolla m\u00fcqayis\u0259d\u0259 daha dayan\u0131ql\u0131d\u0131r.<\/p>\n

    \n
  • brute-force h\u00fccumlar\u0131na qar\u015f\u0131 daha g\u00fccl\u00fcd\u00fcr<\/li>\n
  • private key \u015f\u0259b\u0259k\u0259 \u00fcz\u0259rind\u0259n g\u00f6nd\u0259rilmir<\/li>\n
  • passphrase il\u0259 \u0259lav\u0259 qoruma qoymaq m\u00fcmk\u00fcnd\u00fcr<\/li>\n
  • password login s\u00f6nd\u00fcr\u00fcl\u0259nd\u0259 avtomatik bot h\u00fccumlar\u0131n\u0131n b\u00f6y\u00fck hiss\u0259si m\u0259nas\u0131z olur<\/li>\n<\/ul>\n

    Ba\u015flamazdan \u0259vv\u0259l n\u0259 haz\u0131r olmal\u0131d\u0131r?<\/h2>\n
      \n
    • Ubuntu 24.04 server<\/li>\n
    • server\u0259 haz\u0131rda SSH il\u0259 giri\u015f imkan\u0131n\u0131z<\/li>\n
    • lokal cihaz\u0131n\u0131zda terminal v\u0259 ssh-keygen<\/code><\/li>\n
    • serverd\u0259 sudo s\u0259lahiyy\u0259ti<\/li>\n<\/ul>\n

      Vacib x\u0259b\u0259rdarl\u0131q:<\/strong> password login-i s\u00f6nd\u00fcrm\u0259zd\u0259n \u0259vv\u0259l m\u00fctl\u0259q SSH key il\u0259 giri\u015fin i\u015fl\u0259diyini ayr\u0131ca test edin. \u018fks halda \u00f6z\u00fcn\u00fcz\u00fc serverd\u0259n k\u0259narda qoya bil\u0259rsiniz.<\/p>\n

      Add\u0131m 1: Lokal cihazda SSH key yarad\u0131n<\/h2>\n

      \u018fg\u0259r art\u0131q a\u00e7ar\u0131n\u0131z yoxdursa, lokal ma\u015f\u0131nda bu \u0259mri i\u015fl\u0259din:<\/p>\n

      ssh-keygen -t rsa -b 4096 -C \"server-access\"<\/code><\/pre>\n
      Sistem sizd\u0259n fayl yolu v\u0259 passphrase soru\u015facaq. Default yol \u00e7ox hallarda kifay\u0259tdir. Passphrase \u0259lav\u0259 etm\u0259k yax\u015f\u0131 praktikad\u0131r.<\/p>\n
      Ad\u0259t\u0259n fayllar burada yaran\u0131r:<\/p>\n
        \n
      • ~\/.ssh\/id_rsa<\/code> \u2014 private key<\/li>\n
      • ~\/.ssh\/id_rsa.pub<\/code> \u2014 public key<\/li>\n<\/ul>\n
        Private key yaln\u0131z sizd\u0259 qalmal\u0131d\u0131r. He\u00e7 vaxt server\u0259 private key g\u00f6nd\u0259rm\u0259yin.<\/p>\n
        Add\u0131m 2: Public key-i server\u0259 k\u00f6\u00e7\u00fcr\u00fcn<\/h2>\n
        \u018fn rahat \u00fcsul:<\/p>\n
        ssh-copy-id username@server_ip<\/code><\/pre>\n
        \u018fg\u0259r standart 22 portundan ba\u015fqa port istifad\u0259 edirsinizs\u0259:<\/p>\n
        ssh-copy-id -p 2222 username@server_ip<\/code><\/pre>\n
        Bu komanda public key-i serverd\u0259 uy\u011fun istifad\u0259\u00e7inin ~\/.ssh\/authorized_keys<\/code> fayl\u0131na \u0259lav\u0259 edir.<\/p>\n
        \u018fg\u0259r ssh-copy-id<\/code> yoxdursa, manual \u00fcsul da m\u00fcmk\u00fcnd\u00fcr:<\/p>\n
        cat ~\/.ssh\/id_rsa.pub | ssh username@server_ip \"mkdir -p ~\/.ssh && chmod 700 ~\/.ssh && cat >> ~\/.ssh\/authorized_keys && chmod 600 ~\/.ssh\/authorized_keys\"<\/code><\/pre>\n
        Add\u0131m 3: SSH key il\u0259 giri\u015fin i\u015fl\u0259diyini test edin<\/h2>\n
        Yeni terminal a\u00e7\u0131n v\u0259 server\u0259 daxil olun:<\/p>\n
        ssh username@server_ip<\/code><\/pre>\n
        \u018fg\u0259r f\u0259rqli portdad\u0131rsa:<\/p>\n
        ssh -p 2222 username@server_ip<\/code><\/pre>\n
        Bu m\u0259rh\u0259l\u0259d\u0259 sizd\u0259n account password yox, private key passphrase ist\u0259n\u0259 bil\u0259r. \u018fg\u0259r u\u011furla daxil olursunuzsa, dem\u0259li \u0259sas ke\u00e7id haz\u0131rd\u0131r.<\/p>\n
        Burada dayan\u0131b test etm\u0259d\u0259n n\u00f6vb\u0259ti add\u0131ma ke\u00e7m\u0259yin.<\/strong><\/p>\n
        Add\u0131m 4: Serverd\u0259 SSH konfiqurasiyas\u0131n\u0131 yoxlay\u0131n<\/h2>\n
        Serverd\u0259 SSH config fayl\u0131n\u0131 a\u00e7\u0131n:<\/p>\n
        sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n
        A\u015fa\u011f\u0131dak\u0131 s\u0259tirl\u0259ri yoxlay\u0131n v\u0259 laz\u0131m g\u0259l\u0259rs\u0259 d\u00fcz\u0259ldin:<\/p>\n
        PubkeyAuthentication yes\nPasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM yes<\/code><\/pre>\n
        B\u0259zi sisteml\u0259rd\u0259 PasswordAuthentication<\/code> s\u0259tiri comment-d\u0259 v\u0259 ya ba\u015fqa yerd\u0259 t\u0259krar ola bil\u0259r. Son t\u0259tbiq olunan d\u0259y\u0259rin no<\/code> olmas\u0131na diqq\u0259t edin.<\/p>\n
        Add\u0131m 5: \u018flav\u0259 t\u0259hl\u00fck\u0259sizlik \u00fc\u00e7\u00fcn root login-i ba\u011flay\u0131n<\/h2>\n
        \u018fg\u0259r root il\u0259 birba\u015fa SSH giri\u015fin\u0259 ehtiyac yoxdursa, bunu da s\u00f6nd\u00fcr\u00fcn:<\/p>\n
        PermitRootLogin no<\/code><\/pre>\n
        Bu, x\u00fcsusil\u0259 internet\u0259 a\u00e7\u0131q VPS-l\u0259r \u00fc\u00e7\u00fcn yax\u015f\u0131 praktikad\u0131r.<\/p>\n
        Add\u0131m 6: SSH konfiqurasiyas\u0131n\u0131 test edin<\/h2>\n
        D\u0259yi\u015fiklikd\u0259n sonra servisi korlamamaq \u00fc\u00e7\u00fcn \u0259vv\u0259lc\u0259 test edin:<\/p>\n
        sudo sshd -t<\/code><\/pre>\n
        \u018fg\u0259r s\u0259hv \u00e7\u0131xm\u0131rsa, servisi yenid\u0259n ba\u015flad\u0131n:<\/p>\n
        sudo systemctl restart ssh<\/code><\/pre>\n
        B\u0259zi sisteml\u0259rd\u0259 servis ad\u0131 sshd<\/code> d\u0259 ola bil\u0259r, amma Ubuntu-da \u00e7ox vaxt ssh<\/code> i\u015fl\u0259yir.<\/p>\n
        Add\u0131m 7: M\u00f6vcud sessiyan\u0131 ba\u011flamadan yenid\u0259n test edin<\/h2>\n
        Bu \u00e7ox vacib add\u0131md\u0131r. Haz\u0131rk\u0131 a\u00e7\u0131q SSH sessiyan\u0131 ba\u011flamay\u0131n. Ayr\u0131 terminaldan t\u0259krar giri\u015f edin:<\/p>\n
        ssh username@server_ip<\/code><\/pre>\n
        \u018fg\u0259r bu giri\u015f u\u011furlu olarsa, art\u0131q password login s\u00f6nd\u00fcr\u00fclm\u00fc\u015f, key login is\u0259 i\u015fl\u0259k v\u0259ziyy\u0259td\u0259dir.<\/p>\n
        Fayl v\u0259 qovluq icaz\u0259l\u0259ri niy\u0259 vacibdir?<\/h2>\n
        OpenSSH fayl permission-lar\u0131na \u00e7ox h\u0259ssasd\u0131r. \u018fg\u0259r icaz\u0259l\u0259r h\u0259ddind\u0259n art\u0131q a\u00e7\u0131qd\u0131rsa, server key auth-u r\u0259dd ed\u0259 bil\u0259r. Server t\u0259r\u0259find\u0259 bunlar\u0131 yoxlay\u0131n:<\/p>\n
        chmod 700 ~\/.ssh\nchmod 600 ~\/.ssh\/authorized_keys\nchmod go-w ~<\/code><\/pre>\n
        Bu, \u0259n \u00e7ox rast g\u0259lin\u0259n Permission denied (publickey)<\/code> probleml\u0259rind\u0259n birini h\u0259ll edir.<\/p>\n
        \u018fn \u00e7ox rast g\u0259lin\u0259n probleml\u0259r<\/h2>\n
        1. H\u0259l\u0259 d\u0259 password soru\u015fulur<\/h3>\n
          \n
        • public key d\u00fczg\u00fcn k\u00f6\u00e7\u00fcr\u00fclm\u0259yib<\/li>\n
        • authorized_keys<\/code> fayl\u0131 s\u0259hv istifad\u0259\u00e7id\u0259dir<\/li>\n
        • PubkeyAuthentication yes<\/code> aktiv deyil<\/li>\n
        • permission-lar h\u0259ddind\u0259n art\u0131q a\u00e7\u0131qd\u0131r<\/li>\n<\/ul>\n
          2. Permission denied (publickey)<\/h3>\n
          \u018fn \u00e7ox s\u0259b\u0259b budur:<\/p>\n
            \n
          • private key d\u00fczg\u00fcn se\u00e7ilmir<\/li>\n
          • serverd\u0259 ~\/.ssh<\/code> v\u0259 authorized_keys<\/code> icaz\u0259l\u0259ri s\u0259hvdir<\/li>\n
          • yanl\u0131\u015f istifad\u0259\u00e7i il\u0259 daxil olma\u011fa \u00e7al\u0131\u015f\u0131rs\u0131n\u0131z<\/li>\n<\/ul>\n
            Debug \u00fc\u00e7\u00fcn bu \u0259mrd\u0259n istifad\u0259 edin:<\/p>\n
            ssh -v username@server_ip<\/code><\/pre>\n
            3. Restart-dan sonra i\u00e7\u0259ri gir\u0259 bilmirsiniz<\/h3>\n
            Ona g\u00f6r\u0259 d\u0259 \u0259vv\u0259lki add\u0131mda qeyd etdiyim kimi, k\u00f6hn\u0259 sessiyan\u0131 ba\u011flamadan yeni sessiya il\u0259 test etm\u0259k vacibdir. \u018fg\u0259r bir \u015fey s\u0259hvdirs\u0259, a\u00e7\u0131q qalan sessiyadan config-i geri d\u00fcz\u0259ld\u0259 bil\u0259rsiniz.<\/p>\n
            Daha da s\u0259rtl\u0259\u015fdirm\u0259k ist\u0259yirsinizs\u0259<\/h2>\n
              \n
            • SSH portunu d\u0259yi\u015fin<\/li>\n
            • Fail2ban qura\u015fd\u0131r\u0131n<\/li>\n
            • yaln\u0131z m\u00fc\u0259yy\u0259n IP-l\u0259r\u0259 icaz\u0259 verin<\/li>\n
            • UFW il\u0259 SSH giri\u015fini m\u0259hdudla\u015fd\u0131r\u0131n<\/li>\n
            • hardware-backed a\u00e7ar v\u0259 ya FIDO2 a\u00e7ar istifad\u0259 edin<\/li>\n<\/ul>\n
              Amma baza t\u0259hl\u00fck\u0259sizlik \u00fc\u00e7\u00fcn \u0259n b\u00f6y\u00fck s\u0131\u00e7ray\u0131\u015flardan biri m\u0259hz password login-i s\u00f6nd\u00fcrm\u0259kdir.<\/p>\n
              N\u0259tic\u0259<\/h2>\n
              Ubuntu 24.04 serverd\u0259 SSH key il\u0259 giri\u015f qurmaq v\u0259 password login-i s\u00f6nd\u00fcrm\u0259k server t\u0259hl\u00fck\u0259sizliyind\u0259 \u0259n praktik add\u0131mlardan biridir. Bu ke\u00e7id bir ne\u00e7\u0259 d\u0259qiq\u0259 \u00e7\u0259kir, amma t\u0259siri b\u00f6y\u00fck olur. \u018fsas qayda sad\u0259dir: \u0259vv\u0259l key login-i ayr\u0131ca test edin, sonra password login-i ba\u011flay\u0131n.<\/p>\n
              \u018fg\u0259r serveriniz internet\u0259 a\u00e7\u0131qd\u0131rsa, bu add\u0131m\u0131 gecikdirm\u0259k \u0259v\u0259zin\u0259 planl\u0131 v\u0259 diqq\u0259tli \u015f\u0259kild\u0259 indi etm\u0259k daha do\u011frudur.<\/p>\n","protected":false},"excerpt":{"rendered":"
              Ubuntu 24.04 server qurduqdan sonra \u0259n vacib t\u0259hl\u00fck\u0259sizlik add\u0131mlar\u0131ndan biri SSH giri\u015fini daha g\u00fccl\u00fc etm\u0259kdir. \u018fn z\u0259if ssenaril\u0259rd\u0259n biri serverin internet\u0259 a\u00e7\u0131q qalmas\u0131 v\u0259 istifad\u0259\u00e7il\u0259rin h\u0259l\u0259 d\u0259 yaln\u0131z parol il\u0259 daxil olmas\u0131d\u0131r. Bu v\u0259ziyy\u0259td\u0259 brute-force h\u00fccumlar\u0131, bot trafiki v\u0259 z\u0259if parol riski ciddi problem yarad\u0131r. Bu m\u0259qal\u0259d\u0259 Ubuntu 24.04 serverd\u0259 SSH key il\u0259 giri\u015f qurma\u011f\u0131 […]<\/p>\n","protected":false},"author":1,"featured_media":10926,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31,17,41],"tags":[],"class_list":["post-10927","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-hosting","category-tutoriallar"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/bitep.net\/blog\/wp-content\/uploads\/2026\/04\/ssh-key-disable-password-ubuntu-24-04.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/10927","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/comments?post=10927"}],"version-history":[{"count":0,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/posts\/10927\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media\/10926"}],"wp:attachment":[{"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/media?parent=10927"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/categories?post=10927"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitep.net\/blog\/wp-json\/wp\/v2\/tags?post=10927"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}