Hello,
According to the documentation, Prohibit-password only allows login by key.
However, I notice that it is possible for me to connect in SFTP with the root login…
Is this normal?
Thank you.
I am using HestiaCP 1.24 on Debian 10.
Yes, this is normal and by design. If you want to limit it to key auth only, please adjust you sshd_conf: https://serverpilot.io/docs/how-to-disable-ssh-password-authentication/
Thank you very much for your answer.
Is it something you would recommand?
I use it my self. There is no reason to use an password any more… Much easier… Make sure you backup the keys to cloud an you are fine
I see. Thank you again!