Can use Password authentication with SFTP even though "PasswordAuthentication no" in /etc/ssh/sshd_config
By looking at /var/log/auth.log, it is verified that Filezilla on the Mac client actually seems to be using the Mac SSH-agent rather than the password entered there.
Verified that SFTP is using SSH-keys authentication by trying and failing to connect through SFTP on another computer.
Agrim
Updated on September 18, 2022
Comments
-
Agrim over 1 year
I have enabled SSH-keys based authentication on the Ubuntu 14.04 server, disabled root login using SSH and can connect successfully using SSH-keys based authentication with my user account blahblah on my Mac SSH client.
However, to test the SSH login with Password authentication, I used the SFTP login in Filezilla for user account blahblah with its password, and it allowed me to log in without the need for any SSH-keys based authentication.
The /etc/ssh/sshd_config file is as below. As you can see, I have disabled PasswordAuthentication. I have already restarted the sshd daemon by using sudo service ssh restart after modifying this config file. Any ideas why this might be happening?

Port 8888
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no
AllowUsers blahblah
-
lgeorget almost 10 years
I'm unable to reproduce the problem. Could you add -l DEBUG2 to the line that reads "Subsystem sftp /usr/lib/openssh/sftp-server" and attempt again to connect? Then edit your answer to include the lines from /var/log/messages relevant to the connection.
-
Agrim almost 10 years
Thanks for your tip about adding the debug flag. I realized from /var/log/auth.log on the server that Filezilla seems to actually be using the SSH keys from the Mac SSH agent even though I have entered the password. When I tried to sftp to the server from another computer, the access attempt was rejected as expected.
-
lgeorget almost 10 years
Problem solved then :-). Feel free to answer yourself and accept your own answer. This way it will not be counted as an unanswered category.
-
Agrim almost 10 years
Great, I didn't know you could do that. :)
-
lgeorget almost 10 years
Don't forget to accept it when you can (you need to wait 48 hours to accept your own answer: blog.stackoverflow.com/2009/01/accept-your-own-answers). It's both for statistics and visibility.
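
The check described in the answer, reading /var/log/auth.log to see which authentication method sshd actually accepted, can be scripted. This is an added example, not part of the original thread; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# sshd logs one line per successful login:
#   "Accepted <method> for <user> from <ip> port <port> ssh2..."
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample in auth.log format (host name, PIDs, IPs and key
# fingerprint are made up; IPs are from documentation ranges).
SAMPLE_LOG = """\
Sep 18 10:01:12 srv sshd[2101]: Accepted publickey for blahblah from 192.0.2.10 port 50212 ssh2: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
Sep 18 10:01:12 srv sshd[2103]: subsystem request for sftp by user blahblah
Sep 18 10:05:40 srv sshd[2150]: Connection closed by 198.51.100.7 [preauth]
Sep 18 10:09:03 srv sshd[2188]: Accepted publickey for blahblah from 192.0.2.10 port 50377 ssh2: RSA 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
"""


def accepted_logins(log_text):
    """Return one dict per 'Accepted ...' line: method, user, ip, port."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := ACCEPTED.search(line))]


def method_counts(logins):
    """Count successful logins per (user, method) pair."""
    return Counter((l["user"], l["method"]) for l in logins)


def policy_violations(logins, allowed=frozenset({"publickey"})):
    """Logins whose method is not allowed, e.g. 'password' on a server
    that is meant to have PasswordAuthentication no."""
    return [l for l in logins if l["method"] not in allowed]


if __name__ == "__main__":
    logins = accepted_logins(SAMPLE_LOG)
    for (user, method), n in sorted(method_counts(logins).items()):
        print(f"{user}: {n} login(s) via {method}")
    for bad in policy_violations(logins):
        print(f"UNEXPECTED {bad['method']} login: {bad['user']} from {bad['ip']}")
```

On the server, pass the contents of /var/log/auth.log instead of SAMPLE_LOG. To test password login from a client that has keys loaded in an agent, ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password keeps the key from being offered.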