Disable ssh password authentication on High Sierra

high sierrassh

I want to disable password auth – ie keys only – on SSH. I've done this many times on Linux variants, and some searching here suggests it's the same on Mac, ie:

/etc/ssh/sshd_config

Then add/edit:

PasswordAuthentication no

However, this seems to have no effect – ie I can still log in with a password. Is there any different trick to do this on High Sierra?

Best Answer

For High Sierra, to prevent authentication without publickey, in the /etc/ssh/sshd_config file, set

PasswordAuthentication no
UsePAM no

To restart sshd (which is required to have it reread the config file), use

sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd

Related Solutions

Disable password authentication on SSH server on OS X Server 10.8

As any BSD system you should toggle off some options in your sshd_config like I've described in this Stack Overflow answer:

UsePam yes # it will not be used
ChallengeResponseAuthentication no
PasswordAuthentication no
kbdInteractiveAuthentication no

MacOS – Mavericks update changes sshd_config

I had the same problem and found the answer here: Mavericks update broke ssh key-based authentication

Basically, you can't use authorized_keys2 anymore (an old default). Rename the file to "authorized_keys" and it should work again (it did so for me).

mv ~/.ssh/authorized_keys2 ~/.ssh/authorized_keys

Best Answer

Related Solutions

Disable password authentication on SSH server on OS X Server 10.8

MacOS – Mavericks update changes sshd_config

Related Question