Disable Password Auth (SSH Server MAC)
If there is no explicit entry for PasswordAuthentication in the SSH server configuration file (/etc/ssh/sshd_config), the default value is typically yes. This means password-based authentication is allowed by default unless it is explicitly disabled.
To ensure that password-based authentication is disabled, you should explicitly set PasswordAuthentication no in the configuration file.
How to Explicitly Disable Password Authentication
- Edit the SSH Configuration File:
  Open the SSH configuration file with superuser privileges:
  sudo idea /etc/ssh/sshd_config
  (note: IntelliJ Sudo Access)
- Set PasswordAuthentication to No:
  Find the PasswordAuthentication line. If it is commented out (preceded by #) or missing, add or uncomment and modify it to:
  PasswordAuthentication no
- Ensure Other Relevant Settings:
  Ensure PubkeyAuthentication is set to yes to allow key-based authentication:
  PubkeyAuthentication yes
  Also, ensure ChallengeResponseAuthentication is set to no to disable keyboard-interactive authentication:
  ChallengeResponseAuthentication no
- Restart SSH Service:
  After making these changes, restart the SSH service to apply the new settings:
  sudo launchctl stop com.openssh.sshd
  sudo launchctl start com.openssh.sshd
Summary of Configuration
Here is a summary of the relevant entries in /etc/ssh/sshd_config:
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
By explicitly setting these options, you ensure that only SSH key-based authentication is allowed and password-based authentication is disabled. This enhances the security of your SSH server.
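The following check is an added example, not part of the original note. It reads the global section of an sshd_config file, applies sshd's first-value-wins rule, and falls back to the yes default when a directive is missing or only commented out. The function names are hypothetical, the defaults for the other two options are assumed to be upstream OpenSSH's, and KbdInteractiveAuthentication is treated as the newer OpenSSH name for ChallengeResponseAuthentication.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Covers the global section of one
# file only: Include files and per-connection Match blocks are not evaluated.

# effective_value "KEYWORD [ALIAS...]" DEFAULT FILE
# Prints the value sshd would take from FILE's global section.
effective_value() {
    awk -v keys="$1" -v def="$2" '
        BEGIN { n = split(tolower(keys), k, " ")
                for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*#/              { next }   # commented out: no effect
        tolower($1) == "match"  { exit }   # global section ends here
        (tolower($1) in want)   { print tolower($2); found = 1; exit }  # first value wins
        END { if (!found) print def }      # absent: built-in default
    ' "$3"
}

# check "KEYWORD [ALIAS...]" DEFAULT EXPECTED  (uses $file, sets $rc)
check() {
    got=$(effective_value "$1" "$2" "$file")
    if [ "$got" = "$3" ]; then
        echo "ok    $1 = $got"
    else
        echo "FAIL  $1 = $got (want $3)"; rc=1
    fi
}

# audit_sshd_config FILE: returns 0 only if the three settings from the
# summary are in effect. Defaults are upstream OpenSSH's (all "yes").
audit_sshd_config() {
    file=$1; rc=0
    check PasswordAuthentication yes no
    check PubkeyAuthentication yes yes
    # KbdInteractiveAuthentication is the newer OpenSSH name for this option.
    check "ChallengeResponseAuthentication KbdInteractiveAuthentication" yes no
    return $rc
}

# Constructed sample: the directive is present but commented out.
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$sample"
audit_sshd_config "$sample" || echo "password logins are still possible"
rm -f "$sample"
```

For the authoritative answer, including Include files and Match blocks, sudo sshd -T prints the configuration the server would actually use.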