I want to disable the password authentication of the SSH server on my OS X Server. this should be done in /etc/sshd_config, right? But I’m not sure which setting I should change…
Asked
Active
Viewed 1.7k times
14
-
it still doesn’t work. I don’t know, what I do wrong. Should I post any configs? – Sebastian Semmler Jun 14 '13 at 12:36
2 Answers
14
As any BSD system you should toggle off some options in your sshd_config like I've described in this Stack Overflow answer:
UsePam yes # it will not be used
ChallengeResponseAuthentication no
PasswordAuthentication no
kbdInteractiveAuthentication no
-
I can’t find kbdInteractiveAutentication. The options have a # at the beginning of the line. Should I remove them? – Sebastian Semmler Mar 07 '13 at 11:46
-
the # sign before lines tells about default values. kbdInteractiveAutentication seems to be deprecated but may be used. – Eir Nym Mar 07 '13 at 12:32
-
-
-
2
-
I am somewhat annoyed to discover that my upgrade to Yosemite caused sshd_config to have commented out the modifications I made to it (modifications similar to this) -- what about kbdInteractiveAuthentication? Should I add it or not? – Steven Lu Dec 31 '14 at 08:51
2
In case it helps, I was having trouble with this on 10.10 (Yosemite) and it turned out I was editing the wrong file. /etc/sshd_config is the right one, not /etc/ssh/sshd_config, which is what I was trying based on what man sshd_config says:
SSHD_CONFIG(5) BSD File Formats Manual SSHD_CONFIG(5)
NAME
sshd_config -- OpenSSH SSH daemon configuration file
SYNOPSIS
/etc/ssh/sshd_config
DESCRIPTION
sshd(8) reads configuration data from /etc/ssh/sshd_config ...
Owen
- 121
- 2
-
3
-
@Speakus this was a problem for me, as upgrading to 10.11 meant that password authentication was reenabled and I didn't catch it for a couple months. – krs013 Dec 01 '15 at 21:59