Here is how to disable ssh password authentication so that you can force ssh login via public key only.
Open sshd configuration file, and add the following line (or uncomment it if it’s commented out).
- Code: Select all
sudo nano /etc/ssh/sshd_config
PasswordAuthentication no
Make sure that you have the following in /etc/ssh/sshd_config, in order to allow private/public key authentication.
RSAAuthentication yes
PubkeyAuthentication yes
Finally, reload ssh server configuration to make the change effective.
- Code: Select all
sudo /etc/init.d/ssh reload
The above setting will disable ssh login via password, system-wide. If what you want is to disable ssh password login for individual users, you can do the following.
If you want to disable ssh password authentication for specific users only, use “Match User” field as follows.
Match User theemahn,ironmahn
PasswordAuthentication no
If you want to disable ssh password login for specific Linux group(s), use “Match Group” field. For example, to disable ssh password login for all users belonging to “sudoers” group:
Match Group sudoers
PasswordAuthentication no
If you want to force ssh key authentication for non-root normal users, use “Match User” field.
Match User !root
PasswordAuthentication no