How do I set up sshd on Mac OS X to only allow key-based authentication?


Solution 1

After a little trial and error, I found the answer myself. These options need to be set in /etc/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication no

Only changing one of them is not enough.

Solution 2

In /etc/ssh/sshd_config

# To disable tunneled clear text passwords, change to no here! Also,
# remember to set the UsePAM setting to 'no'.
#PasswordAuthentication yes
#PermitEmptyPasswords no

Set PasswordAuthentication to no and remove the # before it.
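
A check for the point made in Solution 1 and Solution 2, as an added example that is not part of either answer: it reads an sshd_config-style file and reports which password-type login methods are still enabled. The helper names are hypothetical, and the script assumes whitespace-separated `Keyword value` lines, looks only at the global section (before any `Match` line), and treats an unset option as `yes`.

```shell
#!/bin/sh
# Added example (not from the answers): helper names are hypothetical.
# Assumes "Keyword value" lines and checks only the global section.

# effective_value FILE KEYS DEFAULT
# KEYS is a lowercase "a|b" list of equivalent keyword names. Prints the
# value sshd would use: keywords are case-insensitive, commented lines do
# not count, the first occurrence wins, DEFAULT applies when none is set.
effective_value() {
    awk -v keys="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) ~ ("^(" keys ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# check_key_only FILE: returns 0 only when both password-type methods are off.
check_key_only() {
    rc=0
    # Assumed default when an option is unset: yes (upstream OpenSSH).
    pw=$(effective_value "$1" 'passwordauthentication' yes)
    # KbdInteractiveAuthentication is the newer OpenSSH name for this option.
    kbd=$(effective_value "$1" \
        'challengeresponseauthentication|kbdinteractiveauthentication' yes)
    [ "$pw" = no ] || { echo "PasswordAuthentication=$pw: password login allowed"; rc=1; }
    [ "$kbd" = no ] || { echo "ChallengeResponseAuthentication=$kbd: keyboard-interactive login allowed"; rc=1; }
    return $rc
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: only the edit from Solution 2.
    printf '%s\n' 'PasswordAuthentication no' \
        '#ChallengeResponseAuthentication yes' > "$d/one"
    # Constructed sample: both lines from Solution 1.
    printf '%s\n' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' > "$d/both"
    for f in one both; do
        echo "== $f"
        check_key_only "$d/$f" && echo "key-only login: OK"
    done
    rm -rf "$d"
}
demo
```

On a live host, `sshd -T` prints the effective configuration in the same `keyword value` form, so its saved output can be passed to `check_key_only` instead of the config file.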

Author by

Christian Berg

Updated on September 17, 2022

Comments

  • Christian Berg
    Christian Berg almost 2 years

    I have a Mac OS X machine (Mac mini running 10.5) with Remote Login enabled. I want to open the sshd port to the Internet to be able to log in remotely.

    For security reasons I want to disable remote logins using passwords, allowing only users with a valid public key to log in.

    What is the best way to set this up in Mac OS X?

  • Christian Berg
    Christian Berg over 14 years
    This is not working; I can still log in with my password. The logfile /var/log/secure.log contains an entry like this:

    sshd[16306]: Accepted keyboard-interactive/pam for christian from 192.168.178.20 port 63841 ssh2

    I believe the PasswordAuthentication option only controls clear-text password logins, not keyboard-interactive?
  • user21715
    user21715 over 14 years
    Did you read the comment above about setting UsePAM to 'no'?
  • Christian Berg
    Christian Berg over 14 years
    That doesn't seem to be necessary (see my own answer).
  • yorch
    yorch over 8 years
    In El Capitan (and probably in Mavericks as well), the location changed to /etc/ssh/sshd_config instead of just /etc/sshd_config
  • the_real_one
    the_real_one over 5 years
    That was the fix. A LOT of online resources do not mention the key to this whole thing: ChallengeResponseAuthentication no.