Q: How-to: Disable ssh password authentication and enable private key authentication
I have looked around the Web to find clear instructions on how to edit the sshd_config file, so that the sshd process will refuse password authentication and instead use a private-key-public-key pair authentication. I have since figured it out and wanted to document this here. Documentation on how to generate an ssh private-key-public-key pair is available elsewhere, and so is where on the host and client to store the private and public keys to make it work. This is merely about what configuration parameters must be set in sshd_config.
I have found the sshd_config file in two locations on Macs running El Capitan: /etc/sshd_config and /etc/ssh/sshd_config. I am not sure, why this is not uniform.
The options that must be set are
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Once the file has been edited, sshd must be restarted.
One way to do it is by issuing the command
sudo launchctl stop com.openssh.sshd
Inviting comments, especially suggestions for improvements.
MacBook Pro, OS X El Capitan (10.11.3), null
Posted on Mar 9, 2016 10:39 AM