2

I'm connecting to an SSH server where I'm not fully in control of the sshd configuration. The server allows both public-key auth and password auth, but I want to prevent my SSH client from switching over to password auth, even when public key auth fails.

I've tried adding PasswordAuthentication no to the server entry in ~/.ssh/config but it has no distinguishable effect.

Is it even possible?

I understand that this will not provide any additional security. I'm seeking to do this solely for UX purposes, to avoid certain situations where some applications get stuck waiting for a password.

2 Answers2

5

ssh won't prompt if in batchmode:

ssh -oBatchMode=yes you@theotherhost command

You could set

alias ssh /usr/bin/ssh -oBatchMode=yes

in your .bashrc which will disable password authentication from the client side for interactive sessions. (unless you do /us/bin/ssh)

A more elaborate scheme could be:

  • make sure /usr/local/bin is in the PATH before /usr/bin
  • create a file /usr/local/bin/ssh with:
#!/bin/bash
/usr/bin/ssh $*
  • chmod a+rx /usr/local/bin/ssh

None of this is foolproof, however.

Ljm Dullaart
  • 4,643
1

Client side command or ~/.ssh/config:

Here you can find some possibilities for your solution

To disable password authentication for the current ssh connection attempt

To disable password authentication for the current ssh connection attempt, pass this option on the command line: -o PasswordAuthentication=no

To disable password authentication for all future connections to any host add the following to your ~/.ssh/config: PasswordAuthentication no

On the command line (or ~/.ssh/config) you can set PreferredAuthentications. PreferredAuthentications=publickey

How to disable password prompt from ssh client side?

The canonical way to do this is with the BatchMode option:

ssh -o BatchMode=yes …

Remote/server side /etc/ssh/sshd_config:

If don't want to use a password you can do changes in the /etc/ssh/sshd_config on the remote machine on PasswordAuthentication no

Some general settings in sshd_config remote machine:

PermitRootLogin no          # No root login
PasswordAuthentication no   # No password login
PermitEmptyPasswords no     # No empty password
PubkeyAuthentication yes    # login with public key

After edit restart your service

Z0OM
  • 3,149