Disable password authentication for SSH

Question

I m looking for a way to disable SSH clients from accessing the password prompt as noted here   I am unable to disable the password  prompt for root login  I have change the sshd config file to read   ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no   and have also changed the permissions chmod 700    ssh and chmod 600    ssh authorized keys  What am I missing  Does this require I have a passphrase   Verbose dump   debug1  Authentications that can continue  publickey password debug1  Next authentication method  publickey debug1  Offering RSA public key   home user  ssh id rsa debug1  Authentications that can continue  publickey password debug1  Trying private key   home user  ssh id dsa debug1  Trying private key   home user  ssh id ecdsa debug1  Next authentication method  password   File  etc ssh sshd config     Package generated configuration file   See the sshd config 5  manpage for details    What ports  IPs and protocols we listen for Port 22   Use these options to restrict which interfaces protocols sshd will bind to  ListenAddress     ListenAddress 0 0 0 0 Protocol 2   HostKeys for protocol version 2 HostKey  etc ssh ssh host rsa key HostKey  etc ssh ssh host dsa key HostKey  etc ssh ssh host ecdsa key  Privilege Separation is turned on for security UsePrivilegeSeparation yes    Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768    Logging SyslogFacility AUTH LogLevel INFO    Authentication  LoginGraceTime 120 PermitRootLogin no StrictModes yes  RSAAuthentication yes PubkeyAuthentication yes  AuthorizedKeysFile     h  ssh authorized keys    Don t read the user s    rhosts and    shosts files IgnoreRhosts yes   For this to work you will also need host keys in  etc ssh known hosts RhostsRSAAuthentication no   similar for protocol version 2 HostbasedAuthentication no   Uncomment if you don t trust    ssh known hosts for RhostsRSAAuthentication  IgnoreUserKnownHosts yes    To enable empty passwords  change to yes  NOT RECOMMENDED  PermitEmptyPasswords no    Change to yes to enable challenge-response passwords  beware issues with   some PAM modules and threads  ChallengeResponseAuthentication no    Change to no to disable tunnelled clear text passwords  PasswordAuthentication no    Kerberos options  KerberosAuthentication no  KerberosGetAFSToken no  KerberosOrLocalPasswd yes  KerberosTicketCleanup yes    GSSAPI options  GSSAPIAuthentication no  GSSAPICleanupCredentials yes  X11Forwarding yes X11DisplayOffset 10 PrintMotd no PrintLastLog yes TCPKeepAlive yes  UseLogin no   MaxStartups 10 30 60 Banner  etc issue net    Allow client to pass locale environment variables AcceptEnv LANG LC    Subsystem sftp  usr lib openssh sftp-server    Set this to  yes  to enable PAM authentication  account processing    and session processing  If this is enabled  PAM authentication will   be allowed through the ChallengeResponseAuthentication and   PasswordAuthentication   Depending on your PAM configuration    PAM authentication via ChallengeResponseAuthentication may bypass   the setting of  PermitRootLogin without-password     If you just want the PAM account and session checks to run without   PAM authentication  then enable this but set PasswordAuthentication   and ChallengeResponseAuthentication to  no   UsePAM no

User · Answer

Here s a script to do this automatically    Only allow key based logins sed -n  H   x s   PasswordAuthentication yes PasswordAuthentication no  p     etc ssh sshd config  gt  tmp sshd config cat tmp sshd config  gt   etc ssh sshd config rm tmp sshd config

User · Answer

Run  service ssh restart   instead of    etc init d ssh restart   This might work

User · Answer

I followed these steps  for Mac    In  etc ssh sshd config change   ChallengeResponseAuthentication yes  PasswordAuthentication yes   to  ChallengeResponseAuthentication no PasswordAuthentication no   Now generate the RSA key   ssh-keygen -t rsa -P    -f    ssh id rsa    For me an RSA key worked  A DSA key did not work    A private key will be generated in    ssh id rsa along with    ssh id rsa pub  public key    Now move to the  ssh folder  cd    ssh  Enter rm -rf authorized keys  sometimes multiple keys lead to an error    Enter vi authorized keys  Enter  wq to save this empty file  Enter cat    ssh id rsa pub  gt  gt     ssh authorized keys  Restart the SSH   sudo launchctl stop com openssh sshd sudo launchctl start com openssh sshd

User · Answer

In file  etc ssh sshd config    Change to no to disable tunnelled clear text passwords  PasswordAuthentication no   Uncomment the second line  and  if needed  change yes to no   Then run  service ssh restart

User · Answer

The one-liner to disable SSH password authentication  sed -i  s PasswordAuthentication yes PasswordAuthentication no g   etc ssh sshd config  amp  amp  service ssh restart

[ubuntu] Disable password authentication for SSH

Examples related to ubuntu

Examples related to ssh