SSH
is by default configured to allow logins via both password and public key.
PasswordAuthentication
Specifies whether password authentication is allowed. The default is yes.
Users would choose bad passwords and might not manage their passwords properly. This could be a security risk thus you might want to disable password authentication on your SSH
servers. The alternative is to configure public key authentication for your users.
You can enable or disable password authentication by configuring PasswordAuthentication
directive for your SSH
server.
sshd
configuration file using favourite text editor. $ sudo vi /etc/ssh/sshd_config [sudo] password for user:
PasswordAuthentication
and set the option to no
to disable PasswordAuthentication
method and yes
to enable. PasswordAuthentication no
Add the line if it doesn't already exist and remove the #
at the beginning of the line if exists.
Make sure other authentication method is enabled and tested before disabling password authentication method.
SSH
server service. $ sudo systemctl restart sshd
Guide compatibility:
Operating System |
---|
Ubuntu Linux |
Debian Linux |
Red Hat Enterprise Linux |
Fedora Linux |
CentOS Linux |
openSUSE Linux |
SUSE Linux Enterprise Server |
FreeBSD |
OpenBSD |
NetBSD |
macOS |
Comment anonymously. Login not required.