User profile for user: Jake6877
Jake6877 Author
User level: Level 1
21 points

Disable SSH password authentication

On 10.9 I want to disable SSH password authentication into my comp.


in /etc/sshd_config I have:


PasswordAuthentication no

ChallengeResponseAuthentication no


I then restarted my comp, but password authentication still works!

Posted on Jul 4, 2014 6:56 PM

Reply
4 replies
User profile for user: Jake6877
Jake6877 Author
User level: Level 1
21 points

Jul 4, 2014 7:45 PM in response to Linc Davis

Could not load host key: /etc/ssh_host_rsa_key

Could not load host key: /etc/ssh_host_dsa_key

port 22

protocol 2

addressfamily any

listenaddress 0.0.0.0:22

listenaddress [::]:22

usepam 1

serverkeybits 1024

logingracetime 120

keyregenerationinterval 3600

x11displayoffset 10

maxauthtries 6

maxsessions 10

clientaliveinterval 0

clientalivecountmax 3

permitrootlogin yes

ignorerhosts yes

ignoreuserknownhosts no

rhostsrsaauthentication no

hostbasedauthentication no

hostbasedusesnamefrompacketonly no

rsaauthentication yes

pubkeyauthentication yes

kerberosauthentication no

kerberosorlocalpasswd yes

kerberosticketcleanup yes

gssapiauthentication no

gssapikeyexchange no

gssapicleanupcredentials yes

gssapistrictacceptorcheck yes

gssapistorecredentialsonrekey no

passwordauthentication no

kbdinteractiveauthentication yes

challengeresponseauthentication yes

printmotd yes

printlastlog yes

x11forwarding no

x11uselocalhost yes

strictmodes yes

tcpkeepalive yes

permitemptypasswords no

permituserenvironment no

uselogin no

compression delayed

gatewayports no

usedns yes

allowtcpforwarding yes

useprivilegeseparation sandbox

pidfile /var/run/sshd.pid

xauthlocation xauth

versionaddendum

loglevel INFO

syslogfacility AUTHPRIV

authorizedkeysfile .ssh/authorized_keys

hostkey /etc/ssh_host_rsa_key

hostkey /etc/ssh_host_dsa_key

acceptenv LANG

acceptenv LC_*

authenticationmethods

subsystem sftp /usr/libexec/sftp-server

maxstartups 10:30:100

permittunnel no

ipqos lowdelay throughput

permitopen any

Reply
User profile for user: Loner T
Loner T
User level: Level 9
59,536 points

Jul 4, 2014 8:16 PM in response to Jake6877

Under System Preferences -> Sharing, enable "Remote Login" box and click on "All Users" radio button.


(I assume you do realize the security risks of allowing all users to login to your MBP without passwords. Also see - http://www.openssh.com/cgi-bin/man.cgi?query=sshd_config).


Now try ssh -v <LocalAdminUserName>@localhost. (Please post the output).


The following setting does not match your sshd_config


challengeresponseauthentication yes

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Disable SSH password authentication

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up