[gentoo-user] ssh disable password login

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-user] ssh disable password login
@ 2024-01-19  0:01 thelma
  2024-01-19  0:34 ` thelma
  2024-01-19  1:11 ` thelma
  0 siblings, 2 replies; 3+ messages in thread
From: thelma @ 2024-01-19  0:01 UTC (permalink / raw
  To: Gentoo mailing list

sshd_config has:
...
PasswordAuthentication no

/etc/init.d/sshd restart

but still can login with password. How to disable password login?

-- 
Thelma


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [gentoo-user] ssh disable password login
  2024-01-19  0:01 [gentoo-user] ssh disable password login thelma
@ 2024-01-19  0:34 ` thelma
  2024-01-19  1:11 ` thelma
  1 sibling, 0 replies; 3+ messages in thread
From: thelma @ 2024-01-19  0:34 UTC (permalink / raw
  To: gentoo-user

On 1/18/24 17:01, thelma@sys-concept.com wrote:
> sshd_config has:
> ...
> PasswordAuthentication no
> 
> /etc/init.d/sshd restart
> 
> but still can login with password. How to disable password login?

Hm, most of the reference on the net mention only line: "PasswordAuthentication no"
none of them mentioned "usePAM no" need to be enabled

  


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [gentoo-user] ssh disable password login
  2024-01-19  0:01 [gentoo-user] ssh disable password login thelma
  2024-01-19  0:34 ` thelma
@ 2024-01-19  1:11 ` thelma
  1 sibling, 0 replies; 3+ messages in thread
From: thelma @ 2024-01-19  1:11 UTC (permalink / raw
  To: gentoo-user

On 1/18/24 17:01, thelma@sys-concept.com wrote:
> sshd_config has:
> ...
> PasswordAuthentication no
> 
> /etc/init.d/sshd restart
> 
> but still can login with password. How to disable password login?

1.)
"PasswordAuthentication no + UsePAM no" worked

I got a respond:  "...Permission denied (publickey,keyboard-interactive)."

this focuses on disabling password-based authentication and the PAM system, leaving the door open for other authentication methods that don't rely on passwords.

What other authentication methods that don't rely on passwords are?

2.) but so did:
"PasswordAuthentication no + KbdInteractiveAuthentication no"

I got a respond:  "...Permission denied (publickey)"

This also disables password-based authentication but goes further by explicitly turning off keyboard-interactive authentication.
This makes the authentication process non-interactive and relies on methods like public key authentication.

It seems to me, second method is preferred.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-01-19  1:12 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-19  0:01 [gentoo-user] ssh disable password login thelma
2024-01-19  0:34 ` thelma
2024-01-19  1:11 ` thelma

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox