SSH is by default configured to allow logins via both password and public key.

PasswordAuthentication
Specifies whether password authentication is allowed. The default is yes.

Users would choose bad passwords and might not manage their passwords properly. This could be a security risk thus you might want to disable password authentication on your SSH servers. The alternative is to configure public key authentication for your users.

How to enable or disable public key authentication in SSH

You can disable password authentication by disabling PasswordAuthentication directive for your SSH server.

Steps to disable password authentication in SSH:

  1. Launch your preferred terminal application.
  2. Open sshd configuration file using favourite text editor. 
    $ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
  3. Search for PasswordAuthentication and set the option to no. 
    PasswordAuthentication no

    Add the line if it doesn't already exist and remove the # at the beginning of the line if exists.

  4. Reload or restart SSH server service. 
    $ sudo systemctl restart sshd

Guide compatibility:

Operating System
Ubuntu Linux
Debian Linux
Red Hat Enterprise Linux
Fedora Linux
CentOS Linux
openSUSE Linux
SUSE Linux Enterprise Server
FreeBSD
OpenBSD
NetBSD
macOS
Share this guide!
Discuss the article:

Comment anonymously. Login not required.

author: shakir
Share!