SSH - identify which users still login using passwords
I have an Ubuntu Linux server allowing password authentication for SSH, and I want to switch it to SSH keys only and disable password login.
Before I disable password login, how can I find out which users are still using passwords, and which have switched to key authentication?
Solution 1:
You can't do that 100% reliably, but there are two strong indications:
- First, the presence of a
.ssh/authorized_keys
file is a hint the user is at least prepared to use key based login -
Second, in the authentication log file (
/var/log/secure
on CentOS,/var/log/auth.log
on Debian/Ubuntu), the auth method will be logged:Sep 28 13:44:28 hostname sshd[12084]: Accepted publickey for sven
vs
Sep 28 13:47:36 hostname sshd[12698]: Accepted password for sven
Scan the log for entries with password mentioned to learn who is still using passwords. This will not work with users seldom logging in of course unless you have very long log retention.
Solution 2:
Fastest way is to disable it and see who knocks on your office door ;p