11

I configured login by SSH key which is working but I can still login by password, which I don't want.

I used sudo nano /etc/ssh/sshd_config to make the following changes:

PasswordAuthentication no
PubkeyAuthentication yes

I disabled the root login because my user can log in.

It should refuse login with password but it still allows it.

My version of ssh is OpenSSH_8.9p1 Ubuntu-3, OpenSSL 3.0.2 15 Mar 2022 on Ubuntu 22.04.

How do I disable the ability to login with password over SSH?

Nmath
  • 12,333
  • 2
    did you restart the ssh service? sudo service ssh restart – Nmath Nov 11 '22 at 22:08
  • 1
    You may also need ChallengeResponseAuthentication no in /etc/ssh/sshd_config. To restart sshd: sudo systemctl restart ssh. – user68186 Nov 11 '22 at 22:26
  • doesn't work. i inserted ChallengeResponseAuthentication no in /etc/ssh/sshd_config and restared the shh and down's work. like i sair in new answer. yes i did sudo service ssh restart

    but is in the same... my vps in on Contabo.

    I tried this on another vps on vultr, and it works... it disables the login with password. its possible the contabo has something configured?

    – Mário Alves Nov 11 '22 at 22:37
  • 1
    The comments are our channel to ask you for clarifications. Please edit the question. Do not ask a new question in the comments or in the answer. Questions about any specific VPS like Contabo is off topic here. You have to ask them. – user68186 Nov 11 '22 at 22:40
  • sorry. i already deleted the answer. i asked them, but they dont care and they take a long time to answer. but i think that i haved this well configured. – Mário Alves Nov 11 '22 at 22:44
  • https://unix.stackexchange.com/questions/727492/passwordauthentication-no-but-i-can-still-login-by-password – moo Dec 29 '23 at 09:02

1 Answers1

31

I already resolved this issue. Inside the directory /etc/ssh/sshd_config.d/ there is only one .conf file (50-cloud-init.conf), but inside it contains the line: PasswordAuthentication yes

I changed the line to #PasswordAuthentication yes

and i restarted the ssh. Now is working. I can only access with the ssh key.

Thanks.

  • 3
    I can't believe I wasted 3 hours over this looking for solutions. Thank you. – Pythagoras of Samos Dec 14 '22 at 15:58
  • 1
    Many thanks for that, I was having the same issue and that also worked for me! – Fábio Sousa Jan 21 '23 at 20:11
  • wow that's super annoying - thanks though you saved me a bunch of time! – JavaKungFu Jul 19 '23 at 16:53
  • Why would they ship it with an extra config file that overrides such a central setting from the base config file? – Rörd Aug 13 '23 at 12:58
  • 1
    Speculating that your instance is in a cloud, like Vultr, and the cloud provider added this file. Had the same problem here... – Mmm Sep 05 '23 at 21:50
  • yes. OVHCloud.. – Mário Alves Sep 07 '23 at 06:02
  • 1
    The installer for Ubuntu Server 22.04.3 will also do this if you enable the "Allow password login" option during the OpenSSH setup page. – drojf Oct 06 '23 at 11:28
  • PasswordAuthentication yes is indeed configured inside of /etc/ssh/sshd_config.d/50-cloud-init.conf. I have tried it on Ubuntu 22.04.3 on a local VM installation.

    That said, I found that /etc/ssh/sshd_config.d/50-cloud-init.conf is being referenced to in /etc/ssh/sshd_config:

    Include /etc/ssh/sshd_config.d/*.conf

    In my case, Im not using it, so I simply put a comment on that and it worked.

    – GaryP Nov 06 '23 at 03:54