Passwordless SSH login

[Bob]

** Reply to message from R C <cjvijf at gmail.com> on Wed, 10 Feb 2021 20:29:44
-0700

> On 2/10/21 8:19 PM, Bob wrote:
> > ** Reply to message from R C <cjvijf at gmail.com> on Wed, 10 Feb 2021 17:35:40
> > -0700
> >
> >> On 2/10/21 5:17 PM, Karl Auer wrote:
> >>> On Wed, 2021-02-10 at 15:49 -0800, Bob wrote:
> >>>> I have set up SSH between two computers on my LAN and am trying to
> >>>> disable password login.
> >>> I'm wondering if you are confusing the password on the account with the
> >>> passphrase on the ssh key.
> >>>
> >>> Also, each time you change the sshd configuration file you need to
> >>> restart the sshd server for the change to "take":
> >>>
> >>>      systemctl restart sshd
> >> I think OP is trying to do key based logins. (host based or priv/pub key
> >> pair?)
> > I am trying to only allow a key based login.
> >
> >
> >> You can disable  'regular' password logins with
> >> "|PasswordAuthentication no" I believe, BUT, that would only allow
> >> logons from machines key based.|
> > Which is what I want.  I do have "PasswordAuthentication no".  The
> > documentation I have says that you also need "ChallengeResonpseAuthentication
> > no".
> 
> 
> probably also unnecessary
> 
> you are changing/using the file "/etc/ssh/sshd_config" on the server,  
> right?

Yes.


> >> |(you can also make changes in the pam stack,  but I'd be hesitant to do
> >> that)
> >> |
> >>
> >> |If you'd go either route, I'd allow  root logins at the console, so
> >> that when something gets messed up with the keys (and users (including
> >> yourself) will mess up their keys), you'd still have a  reasonable way in.
> >> |
> >>
> >>
> >> R
> >>
> >>> Regards, K.
>

-- 
Robert Blair


What this country needs are more unemployed politicians.  -- Edward Langley, Artist (1928-1995)