Edit config file /etc/ssh/sshd_config to have this:
PasswordAuthentication no
NB:
Make sure other authentication methods are enable, e.g. "PubkeyAuthentication yes"
Supposedly, "AllowedAuthentications ..." is preferable to "XXXAuthentication yes", but it appears that there are weird interactions with "UsePAM yes", so with "UsePAM yes", this:
PubkeyAuthentication yes
PasswordAuthentication no
... is not the same as:
AllowedAuthentications pubkey
Specifically, pubkey authentication seems to fail with the second setting. Cursory google search yielded no answers and I got no time to dig into this rabbit hole.
No comments:
Post a Comment