Passwordless SSH login

R C cjvijf at gmail.com
Thu Feb 11 05:45:56 UTC 2021 

On 2/10/21 10:38 PM, R C wrote:
>
> On 2/10/21 10:18 PM, Bob wrote:
>> ** Reply to message from "Bob" <ubuntu-qygzanxc at listemail.net> on 
>> Wed, 10 Feb
>> 2021 15:49:35 -0800
>>
>>> I have set up SSH between two computers on my LAN and am trying to 
>>> disable
>>> password login.  SSH works between the computers.  I can login using
>>> public/private keys.  What I have not been able to do is disable the 
>>> password
>>> login.
>>>
>>> The instructions I am using
>>> <https://www.linuxbabe.com/linux-server/setup-passwordless-ssh-login> 
>>> says to
>>> edit /etc/ssh/sshd_config and change "PasswordAuthentication" from 
>>> "yes" to
>>> "no" and change "ChallengeResponseAuthentication" to "no". That did 
>>> not work
>>> as I can still SSH to the computer and login to the computer using the
>>> password.
>>>
>>> When I edit /etc/ssh/sshd_config "PasswordAuthentication" is 
>>> commented out so I
>>> removed the comment and changed "yes" to "no".
>>> "ChallengeResponseAuthentication" was not on the config file so I 
>>> added it.
>>> What else do I need to do?
>> I think this has gotten off on a tangent.
>>
>> What I want is to prevent someone logging in the the computer using a 
>> password.
>>
>> I only want to allow a login using an rsa key.
>>
> Well just set the password to a ridiculously long random password, 
> that no one will ever be able to guess, not a 100% guarantee, but 
> probably close enough. 


I believe, not sure you can  tell sshd not to use pam,  this is what I 
found in sshd_config:

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and 
may cause several
# problems.
UsePAM yes


that way it will probably only use the ssh key exchange   BUT   I bet 
you cannot use a root login on the console anymore either.

More information about the ubuntu-users mailing list