Disable PasswordAuthentication for SSH logins

ljmccarthy · January 23, 2020, 4:04pm

I am trying to disable password authentication for SSH logins. I have create /etc/ssh/ssd_config with the following contents:

PermitRootLogin no
PasswordAuthentication no

However, it still allows me to log in using a password.

ahkok · January 23, 2020, 4:29pm

I wrote man stateless to explicitly cover this use case. The problem is that there are several paths to password authentication and you need to disable all of them properly. The correct contents of the file should be:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

For more info, see:

https://github.com/clearlinux/clr-man-pages/blob/908bb5258e7107b57eb862cc0a932b8db82cd632/stateless.7.rst#sshd

Give it a try and let us know if that worked for you.

ljmccarthy · January 24, 2020, 7:58am

It works great, thanks again. I didn’t know about that man page, I will give it a thorough reading.