Disable SSH Password Login


I recommend using SSH key based authentication to all your Unix servers. There's a good rationale for this written here.

To ensure users use SSH keys to log into your server, turn off PasswordAuthentication like so:

# echo PasswordAuthentication no > /etc/ssh/sshd_config.d/disable-password-login.conf
# systemctl reload sshd

Now, if the user doesn't have a private key that matches the entries in ~/.ssh/authorized_keys on the server when logging in, he'll get no password prompt anymore:

$ ssh foo@ssh.example.com
foo@ssh.example.com: Permission denied (publickey).

Licensed under CC BY Creative Commons License ~ ✉ torstein.k.johansen @ gmail ~ 🐘 @skybert@hachyderm.io ~ 🐦 @torsteinkrause