Prohibit-password not working?


According to the documentation, Prohibit-password only allows login by key.

However, I notice that it is possible for me to connect in SFTP with the root login…

Is this normal?

Thank you.

I am using HestiaCP 1.24 on Debian 10.

Yes, this is normal and by design. If you want to limit it to key auth only, please adjust you sshd_conf:

Thank you very much for your answer.

Is it something you would recommand?

I use it my self. There is no reason to use an password any more… Much easier… Make sure you backup the keys to cloud an you are fine

I see. Thank you again!