1

Asking again as current config according to many solutions shown are still allowing me to log in with password. I have successfully set up ssl cert login.

Here is my sshd_config (without commented out parts for brevity)

Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

Checking a different server config where the same settings are in place I get a response of

No supported authentication methods available (server sent public key)

which is exactly what I want, no possible way to enter password.

The only difference is that it works on Ubuntu 18.04 but fails on Ubuntu 23.04

The working config is:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server
Datadimension
  • 227

2 Answers2

0

It shows that "UsePAM yes" Maybe compare PAM settings between the hosts.

AuthenticationMethods "publickey,password publickey,keyboard-interactive" inside the /etc/ssh/sshd_config file. https://man.freebsd.org/cgi/man.cgi?sshd_config(5)

Or there is something extra in the /etc/pam.d/sshd.

HBtools
  • 23
0

It seems the line

Include /etc/ssh/sshd_config.d/*.conf

containing

PasswordAuthentication yes

was the issue, the reason I did not look here initially was that I expected any statement following in the main conf would override whatever was set prior in the included files.

This is not the case. I commented out the include line and all is working as expected

Datadimension
  • 227