The "PasswordAuthentication" SSHD configuration specifies whether password authentication is allowed. The default is yes.
Password authentication is susceptible to brute-force and man-in-the-middle attacks. While strong passwords are possible, users tend to choose weak ones and to ignore password best practices, leaving the server highly exposed to compromise. Another drawback of password authentication is that the SSH client sends the username and password to the server being logged into, so the secret itself reaches the remote side, which opens this method to more kinds of attack. The best practice for authentication is to use public keys only and disable password authentication.
You need to add or change a setting in the SSHD configuration file. First, check whether the option is already present:
grep PasswordAuthentication /etc/ssh/sshd_config
If the output isn't empty, the argument is present in the file. Edit /etc/ssh/sshd_config and change the current PasswordAuthentication value to no. If the line is commented out (has a leading #), uncomment it by removing the leading #.
If the output is empty, the argument could still be defined in a drop-in file under /etc/ssh/sshd_config.d/. Check there too:
grep PasswordAuthentication /etc/ssh/sshd_config.d/*.conf
If the output isn't empty, edit the file where the argument is defined and change its value to no.
If you couldn't find the argument defined anywhere, edit /etc/ssh/sshd_config and add the following line:
PasswordAuthentication no
Finally, restart the SSHD service:
sudo systemctl restart sshd
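The two grep checks above find where the option is written, but not which occurrence wins: sshd keeps the first value it obtains for a keyword and expands Include directives in place, so a drop-in under sshd_config.d/ that is included near the top of sshd_config overrides a "PasswordAuthentication no" written further down in the main file. The following audit helper, an added example that is not part of the original page, resolves the value the same way; it assumes the common whitespace-separated "Keyword value" form and Include patterns written as absolute paths, and it does not evaluate Match blocks (the first one ends the global section).

```shell
#!/bin/sh
# Added example: resolve the global PasswordAuthentication value sshd would use
# from a config file plus the drop-ins it Includes, first value wins.

# Print "Keyword value" pairs from FILE in the order sshd reads them,
# expanding Include directives in place.
flatten_sshd_config() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line          # word-split; Include globs expand here, sorted
        [ $# -eq 0 ] && continue                    # blank line
        case $1 in
            '#'*) continue ;;                       # comment line
            [Mm][Aa][Tt][Cc][Hh]) return 3 ;;       # first Match ends global section
            [Ii][Nn][Cc][Ll][Uu][Dd][Ee])
                shift
                for inc in "$@"; do                 # absolute paths assumed
                    if [ -f "$inc" ]; then flatten_sshd_config "$inc" || return 3; fi
                done ;;
            *) printf '%s %s\n' "$1" "$2" ;;
        esac
    done < "$file"
}

# Print the global PasswordAuthentication value for the config rooted at FILE;
# "yes" (the sshd default) when it is set nowhere.
effective_password_auth() {
    value=$(flatten_sshd_config "$1" |
        awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }')
    printf '%s\n' "${value:-yes}"
}

# Build a constructed config tree in a temp dir and print the main file path.
# $1 is the value a drop-in file sets, or "none" for no drop-in file.
make_demo_config() {
    dir=$(mktemp -d) && mkdir "$dir/sshd_config.d"
    printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\n' "$dir" > "$dir/sshd_config"
    [ "$1" = none ] || printf 'PasswordAuthentication %s\n' "$1" > "$dir/sshd_config.d/10-constructed.conf"
    printf '%s\n' "$dir/sshd_config"
}

# Demo: the "no" in the main file is silently overridden by the drop-in.
cfg=$(make_demo_config yes)
printf 'effective PasswordAuthentication: %s\n' "$(effective_password_auth "$cfg")"   # yes
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value the installed sshd resolves from its real configuration, which is the authoritative check after the restart.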