Disable Password Auth (SSH Server MAC)

If there is no explicit entry for PasswordAuthentication in the SSH server configuration file (/etc/ssh/sshd_config), the default value is typically yes. This means password-based authentication is allowed by default unless it is explicitly disabled.

To ensure that password-based authentication is disabled, you should explicitly set PasswordAuthentication no in the configuration file.

How to Explicitly Disable Password Authentication

1. Edit the SSH Configuration File:

Open the SSH configuration file with superuser privileges:

sudo idea /etc/ssh/sshd_config

(note: IntelliJ Sudo Access)

2. Set PasswordAuthentication to No:

   Find the PasswordAuthentication line. If it is commented out (preceded by #) or missing, add or uncomment and modify it to:

   PasswordAuthentication no
   

3. Ensure Other Relevant Settings:

   Ensure PubkeyAuthentication is set to yes to allow key-based authentication:

   PubkeyAuthentication yes
   

   Also, ensure ChallengeResponseAuthentication is set to no to disable keyboard-interactive authentication:

   ChallengeResponseAuthentication no
   

4. Restart SSH Service:

   After making these changes, restart the SSH service to apply the new settings:

   sudo launchctl stop com.openssh.sshd
   sudo launchctl start com.openssh.sshd
   

Summary of Configuration

Here is a summary of the relevant entries in /etc/ssh/sshd_config:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

By explicitly setting these options, you ensure that only SSH key-based authentication is allowed and password-based authentication is disabled. This enhances the security of your SSH server.

---

Backlinks

• SSH Server Setup on Mac
• Setup Local GIT SSH Server on Mac