SSH password authentication is a common method for logging into remote servers. It is usually enabled by default, allowing users to log in with just a username and password. This method is simple and widely recognized, but it can also introduce security risks if not managed properly.

PasswordAuthentication
Specifies whether password authentication is allowed. The default is yes.

To enhance security, some administrators may choose to disable password authentication on their SSH servers. Disabling this method forces users to rely on more secure authentication methods, such as public key authentication. This approach reduces the risk of unauthorized access through brute-force attacks or weak passwords.

You can manage SSH password authentication by modifying the PasswordAuthentication setting in the SSH server's configuration file. This setting determines whether users can log in using passwords. Adjusting it allows you to enable or disable password-based logins according to your security needs.

Steps to enable or disable password authentication in SSH:

  1. Launch your preferred terminal application.
  2. Edit the sshd_config file with a text editor.
    $ sudo vi /etc/ssh/sshd_config
    [sudo] password for user:
  3. Locate the PasswordAuthentication directive.
  4. Set the value to no to disable password authentication, or to yes to enable it.
    PasswordAuthentication no

    Add the line if it doesn't already exist, and remove the # at the beginning of the line if one is present.
    Set it to yes to allow password authentication and no to disallow it.

    Make sure another authentication method is enabled and tested before disabling the password authentication method.

  5. Save the changes to the configuration file.
  6. Restart the SSH service to apply the changes.
    $ sudo systemctl restart sshd
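
A check to run after the edit in step 4, added here as an example and not part of the original article: sshd uses the first value it obtains for each keyword, so a PasswordAuthentication line placed below an existing uncommented one has no effect. The function name effective_password_auth and the sample config are constructed for illustration; the function does not follow Include directives and stops at the first Match block.

```shell
#!/bin/sh
# Added example: report the global PasswordAuthentication value a config file yields.
# Assumptions of this sketch: Include files are not followed, and parsing stops
# at the first Match block (settings after it apply only conditionally).

effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)     # "Keyword=value" form is also valid
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "match") { exit }        # end of the global section
            if (key == "passwordauthentication") {
                print f[2]; found = 1; exit     # first obtained value wins
            }
        }
        END { if (!found) print "yes" }         # documented default
    ' "$1"
}

# Constructed sample: the commented default, the edit from step 4,
# and a stray duplicate further down that sshd would ignore.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PubkeyAuthentication yes
passwordauthentication no
PasswordAuthentication yes
EOF
echo "effective PasswordAuthentication: $(effective_password_auth "$sample")"
rm -f "$sample"
```

On a live host, `sudo sshd -t` checks the file for syntax errors before the restart in step 6, and `sudo sshd -T | grep -i passwordauthentication` prints the value sshd will actually use.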