SSH server in most systems is by default configured to allow public-key authentication. The method will enable you to use your public and private key pair to passwordlessly log in to an SSH server instead of the typical username and password method.

Specifies whether public key authentication is allowed. The default is yes.

You can disable public key authentication if your private key is compromised or for any other reason by configuring your SSH server.

Public key authentication method for SSH could be enabled or disabled by configuring the PubkeyAuthentication directive in the sshd_config file on the server.

Steps to enable or disable public key authentication in SSH:

  1. Launch your preferred terminal application.
  2. Open SSHd configuration file with your favourite text editor.
    $ sudo vi /etc/ssh/sshd_config
    [sudo] password for user:
  3. Search for PubkeyAuthentication and set the option to yes or no.
    PubkeyAuthentication no

    Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
    Set it to yes to allow public key authentication method and no to disallow.

    Make sure your other authentication method such as password is enabled before disabling public key authentication method as you might completely lose remote access to your server.

  4. Reload or restart SSH server service for the changes to take effect.
    $ sudo systemctl restart sshd
Discuss the article:

Comment anonymously. Login not required.