Disable ssh password authentication on High Sierra

ssh high-sierra

I want to disable password auth - ie keys only - on SSH. I've done this many times on Linux variants, and some searching here suggests it's the same on Mac, ie:

/etc/ssh/sshd_config

Then add/edit:

PasswordAuthentication no

However, this seems to have no effect - ie I can still log in with a password. Is there any different trick to do this on High Sierra?


Solution 1:

To prevent authentication without a public key, search for each of these in /etc/ssh/sshd_config, uncomment them, and set them to 'no':

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

To restart sshd (which is required to have it reread the config file), use

sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd

PS: Please be aware that macOS tends to overwrite /etc/ssh/sshd_config with each minor update. Starting with Monterey you can put your definitions in /etc/ssh/sshd_config.d/000-local.conf to avoid this.

Solution 2:

As it was said in klanomath's comment disabling only these lines won't work.

PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

To disable password login you need to edit UsePAM line as well.

UsePAM no

Related

5GHz capable drivers for BCM94360CS on Windows 7
How to remove a summoned potion?
Do any bosses outside their zone, drop their drops?
How can I read chat on a minecraft server using RCON?
How do I ward off Springtrap in FNAF 3 when he is at the office door?
Is there a way to turn a witch into a villager?
Is there any way to see the conversation log in Witcher 3?
How to enable third button cheat in final fight Mame?
How do I track player death in a specific area? [duplicate]
How can I fix an infinite loading screen on Forza Horizon 4?
Loading an entire Minecraft structure using structure blocks
How does decryption work?