Disable SSH password

Community Support
1

I’ve created a secure SSH access using PuTTYGen PKI and it works.
However, if I try to login with PuTTY without public-key, I still get the password prompt.
I read few posts on how to disable SSH login password, and I edited sshd_config as below but nothing worked.

/root/.ssh/authorized_keys ** I created this file and it worked

xxxxxxxxxx my public key xxxxxxxx

/etc/ssh/ sshd_config ** didn’t work

PasswordAuthentication no

Any suggestions? Thanks

Hestia panel: 1.8.12
Ubuntu: 22.04

Disable SSH on Server

Disable password authentication in ssh

2

You must edit /etc/ssh/sshd_config or create a custom config file only with the new/modified directives in a file like /etc/ssh/sshd_config.d/custom.conf

To apply the changes restart ssh:

systemctl restart sshd

After restart sshd, don’t close the current session, try to test the ssh connection using another session. If you close the current session and for whatever reason the applied changes doesn’t work and you can’t login anymore, you’ll have a problem but if the current session is still open, you could fix the sshd conf.

1 Like
3

Echo: Keep 2 terminal windows open, one as a back up to ensure you still have access if you get into issues and are able to revert the changes.

This is how I always do, and it works in one go.

First ensure you have generated a keygen (example puttygen for windows), and ensure the SSH keys folder is present & accessible:

ls -l ~/.ssh

If not present, make one and grant correct permissions as:

cd ~
mkdir .ssh
touch .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Ensure to create a backup of your sshd config file for any issues later on.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Now edit the filw as needed, like:

sudo nano /etc/ssh/sshd_config

Search for the relevant line and un-comment as:

#PubkeyAuthentication yes
PubkeyAuthentication yes

Change the YES to NO for password authetication:

PasswordAuthentication yes
PasswordAuthentication no

You can also disable SSH root login if you wish (using some other user for example) by changing the YES to NO:

PermitRootLogin yes
PermitRootLogin no

Once done restart the service:

sudo systemctl restart sshd

or

sudo service sshd restart

4

Done it, and without closing the session. Same issue.
SSH terminal (PuTTY) still asks for the password when I try to login without PKI (just with the IP).

5

Show your conf:

grep -Ev '^$|^#' /etc/ssh/sshd_config
grep -Ev '^$|^#' /etc/ssh/sshd_config.d/*
6

Thanks, I did it ; SSH with PKI works fine.
but when I try to login without PKI (just the IP) , PuTTY asks for the psw again.
I’m trying to simulate a user trying to login and I’m asked for the psw -which I’m trying to disable.

7

Thanks I think you got it, now how do I fix it?

grep -Ev ‘^$|^#’ /etc/ssh/sshd_config

LoginGraceTime 1m
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
GSSAPIAuthentication no
UsePAM no
X11Forwarding yes
PrintMotd no
UseDNS no
DebianBanner no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp
 
Match User sftp_dummy99,admin,bob32,bob32_clftp,bob32_flaftp,bob32_caftp,bob32_14820,bob32_LW06212,bob32_SN06334,bob32_FE03104,bob32_ES02991,bob32_lwdsp
ChrootDirectory %h
    X11Forwarding no
    AllowTCPForwarding no
    ForceCommand internal-sftp

grep -Ev ‘^$|^#’ /etc/ssh/sshd_config.d/*

PasswordAuthentication yes   ** Got it! How to disable this?
8

Edit the file that has the directive in /etc/ssh/sshd_config.d/ and comment that line:

#PasswordAuthentication yes

Once done restart sshd.

1 Like
9

Brilliant, it worked

Thank you.

1 Like
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.