SSH public key authentication allows secure, passwordless login to an SSH server using a key pair. By default, this method is enabled on most systems. It is a preferred authentication method due to its enhanced security compared to password-based logins.

PubkeyAuthentication
Specifies whether public key authentication is allowed. The default is yes.

However, there are situations where you might need to disable public key authentication. This could be necessary if your private key is compromised or if you need to enforce stricter access controls. Disabling this method requires adjusting the PubkeyAuthentication directive in the SSH server configuration file.

Understanding how to enable or disable SSH key authentication is essential for managing server access. You need to ensure that the correct authentication methods are in place to maintain secure and uninterrupted access to your server.

Related: How to set up passwordless SSH authentication
Related: How to authenticate using Public Key Authentication method in SSH

Steps to enable or disable public key authentication in SSH:

  1. Open your terminal application.
  2. Access the SSH server configuration file using a text editor. 
    $ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
  3. Locate the PubkeyAuthentication directive.
  4. Set PubkeyAuthentication to yes to enable or no to disable public key authentication. 
    PubkeyAuthentication no

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
    Set it to yes to allow public key authentication method and no to disallow.

    Make sure your other authentication method such as password is enabled before disabling public key authentication method as you might completely lose remote access to your server.

  5. Save the changes and close the editor.
  6. Reload or restart the SSH service to apply the changes. 
    $ sudo systemctl restart sshd
Discuss the article:

Comment anonymously. Login not required.