I've just installed Ubuntu 22.04.3 LTS. Set up SSH as I have done for years.

In /etc/ssh/ssh_config changed:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

Restarted the service: systemctl restart sshd

I can still log in by Password.

It seems /etc/ssh/sshd_config.d/50-cloud-init.conf contains a line PasswordAuthentication yes which overrides ssh_config

To my way of thinking this is a security flaw introduced by Ubuntu in this release as it breaks years of tradition and standard practice where disabling password authentication in sshd_config has worked. I can imagine a release update potentially changing a setting or a standard config being thrown in place by scripts and getting subverted by this change.

Is there a reason for this change or is it a mistake in this release?

Thanks

Terrance
  • 43,712
Flugan
  • 11
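
A check for the situation described in the question, as an added example that is not part of the original post: it walks an sshd configuration tree in the order sshd reads it and reports which file supplies the effective value of a keyword. It assumes sshd's documented behaviour that the first value obtained for a keyword wins and that `Include` globs are read in place in lexical order; the function names and the sample files are constructed for illustration, with the `Include` line placed at the top of the main file and written as a relative path so the sample runs in a temporary directory.

```python
import glob, os, re, tempfile

def settings(path, base):
    """Yield (file, line_no, keyword, value) for global settings, in sshd's read order."""
    with open(path) as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.strip()
            m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
            if not line or line.startswith("#") or not m:
                continue
            key, value = m.group(1).lower(), m.group(2).strip()
            if key == "match":
                return  # simplification: the rest of this file is conditional, skip it
            if key == "include":
                for pattern in value.split():  # relative patterns resolve against base
                    for inc in sorted(glob.glob(os.path.join(base, pattern))):
                        yield from settings(inc, base)
            else:
                yield path, n, key, value

def effective(keyword, main, base=None):
    """Return (winner, shadowed): the first occurrence wins, later ones are ignored."""
    base = base or os.path.dirname(main)
    hits = [s for s in settings(main, base) if s[2] == keyword.lower()]
    return (hits[0] if hits else None), hits[1:]

def build_sample(root):
    """Constructed layout mirroring the question: a drop-in plus an edited main file."""
    os.makedirs(os.path.join(root, "sshd_config.d"))
    with open(os.path.join(root, "sshd_config.d", "50-cloud-init.conf"), "w") as f:
        f.write("PasswordAuthentication yes\n")
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as f:
        f.write("# constructed sample\nInclude sshd_config.d/*.conf\n"
                "PasswordAuthentication no\nPubkeyAuthentication yes\n")
    return main

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        winner, shadowed = effective("PasswordAuthentication", build_sample(root))
        print("effective:", winner)   # the drop-in's "yes"
        print("ignored:  ", shadowed)  # the main file's "no"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which is the authoritative cross-check for this script's result.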