Hacker News new | past | comments | ask | show | jobs | submit login

To disable logging in with password you also need:

  ChallengeResponseAuthentication no



I got a chill up my spine when I read this but fortunately it looks like this is the default on Ubuntu 16.04 and 18.04 (at least).


Apparently Debian disabled it in 2005:

  openssh (1:4.1p1-1) experimental; urgency=low
  
    […]
    * Disable ChallengeResponseAuthentication in new installations, returning
      to PasswordAuthentication by default, since it now supports PAM and
      apparently works better with a non-threaded sshd (closes: #247521).
    […]
  
   -- Colin Watson <cjwatson@debian.org>  Tue, 31 May 2005 01:33:33 +0100
https://bugs.debian.org/247521


for a longer explanation see https://blog.tankywoo.com/linux/2013/09/14/ssh-passwordauthe...

Though, if you're using TOTP via a PAM module, you'll want it




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: