1. Create an SSH key
Use ssh-keygen to generate a key pair and register the public key in the server's $HOME/.ssh/authorized_keys file.
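2. Ensure that SSH public key authentication is enabled
Check the /etc/ssh/sshd_config file to make sure the following two settings are yes:
RSAAuthentication yes
PubkeyAuthentication yes
Generally they are yes by default; if not, change them to yes, save the file, and restart the SSH service. (RSAAuthentication applies only to SSH protocol 1; current OpenSSH releases treat it as deprecated, and PubkeyAuthentication is the setting that matters.)
$ sudo service ssh reload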
3. Prohibit password authentication
Edit the /etc/ssh/sshd_config file to make sure that the following lines appear in the file:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Save and restart the SSH service:
$ sudo service ssh restart
If you are currently logged in over an SSH connection, restarting the service may fail; in that case you can try restarting the system.
4. Prohibit password login under specific conditions
Sometimes we do not want to prohibit password login for all users. The sshd_config file can be configured so that the login settings apply only to specific users, groups, or hosts.
Use $ man sshd_config to view the help. sshd_config supports Match blocks: if the conditions on the Match line are satisfied, the keywords that follow are applied in turn until another Match keyword or the end of the file is reached. Match blocks are therefore generally added at the end of the sshd_config file.
The criteria supported by the Match keyword include User, Group, Host, and Address. A criterion takes a single pattern or several patterns separated by commas, and the patterns may use wildcard characters (*) and negation (!).
The Address criterion can be given in CIDR (address/mask) format, for example: 192.0.2.0/24 or 3FFE:FFFF::/32.
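For example, to prohibit user foo and members of group bar from logging in with a password, add the following at the end of the /etc/ssh/sshd_config file. All criteria on a single Match line must be satisfied together, so the user and the group each get their own block:
Match User foo
    PasswordAuthentication no
Match Group bar
    PasswordAuthentication no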
To prohibit all users other than user foo from logging in with a password:
Match User *,!foo
    PasswordAuthentication no
The keywords supported inside a Match block include:
AllowAgentForwarding, AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile, Banner, ChrootDirectory, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, KerberosAuthentication, MaxAuthTries, MaxSessions, PasswordAuthentication, PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, PubkeyAuthentication, RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset, X11Forwarding, X11UseLocalhost.
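To confirm the result of steps 2 to 4, sshd's test modes can be used: sshd -t validates the configuration file, and sshd -T -C prints the settings that apply to a given user and address, Match blocks included. The script below is an added example, not part of the original article; the function name check_key_only and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit effective sshd settings as printed by `sshd -T`.
# check_key_only reads "keyword value" lines on stdin (sshd -T prints
# keywords in lowercase) and returns 0 only if password-style logins are
# off and public key authentication is on.
check_key_only() {
    awk '
        BEGIN {
            want["pubkeyauthentication"] = "yes"
            want["passwordauthentication"] = "no"
            # Name differs by OpenSSH version; either may appear in the output.
            want["challengeresponseauthentication"] = "no"
            want["kbdinteractiveauthentication"] = "no"
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) {
                printf "FAIL %s is %s, expected %s\n", $1, $2, want[$1]
                bad = 1
            }
        }
        END {
            # Without these two keywords the input was not sshd -T output.
            if (!seen["pubkeyauthentication"] || !seen["passwordauthentication"]) {
                print "FAIL required keywords missing from input"
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample outputs (not captured from a real server).
sample_locked_down() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}
sample_match_missed() {
    # What the per-user output looks like when no Match block applied.
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

# Real use (as root, from a session you keep open until a new login works):
#   sshd -t && sshd -T -C user=foo,host=client.example,addr=192.0.2.10 | check_key_only
```

Running the check once per user or address named in a Match block shows whether that block actually takes effect before the service is restarted.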
[Linux] How to disable password login and allow only keys to establish an SSH connection