Saturday, November 3, 2012

In sshd, how to disable password login

Edit config file /etc/ssh/sshd_config to have this:
PasswordAuthentication no

NB:
Make sure other authentication methods are enable, e.g. "PubkeyAuthentication yes"
Supposedly, "AllowedAuthentications ..." is preferable to "XXXAuthentication yes", but it appears that there are weird interactions with "UsePAM yes", so with "UsePAM yes", this:

PubkeyAuthentication yes
PasswordAuthentication no

... is not the same as:

AllowedAuthentications pubkey

Specifically, pubkey authentication seems to fail with the second setting. Cursory google search yielded no answers and I got no time to dig into this rabbit hole.

No comments:

Post a Comment