Score:0

Ubuntu 23 remove login password (again)

Asking again, as my current config, set up according to many of the solutions shown, is still allowing me to log in with a password. I have successfully set up ssl cert login.

Here is my sshd_config (without the commented-out parts, for brevity):

Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

Checking a different server config where the same settings are in place I get a response of

No supported authentication methods available (server sent public key)

which is exactly what I want, no possible way to enter password.

The only difference is that it works on Ubuntu 18.04 but fails on Ubuntu 23.04

The working config is:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server

pLumo
Did you restart sshd after the change?
Datadimension
Yes, I restarted it and rebooted the server.
Score:0

It shows "UsePAM yes". Maybe compare the PAM settings between the hosts.

AuthenticationMethods "publickey,password publickey,keyboard-interactive" inside the /etc/ssh/sshd_config file. https://man.freebsd.org/cgi/man.cgi?sshd_config(5)

Or there is something extra in the /etc/pam.d/sshd.

You're thinking along the right lines IMHO, but perhaps the solution is to keep PAM (for account and session checks) but disable `KbdInteractiveAuthentication`? See for example [Debian 12 - Unable to login using my key, and still able to login using password, but this is disabled](https://unix.stackexchange.com/a/749406/65304)
HBtools
Possible, I have never used this setting in PAM.
HBtools
The Ubuntu versions are different, but I think these setups should be the same on the OS. What is the setup on the older OS?
Datadimension
Added KbdInteractiveAuthentication no but no change.
HBtools
If you remove password from AuthenticationMethods from the file: /etc/ssh/sshd_config
HBtools
or maybe set PasswordAuthentication no
Score:0

It seems the line

Include /etc/ssh/sshd_config.d/*.conf

containing

PasswordAuthentication yes

was the issue. The reason I did not look here initially was that I expected any statement following in the main conf would override whatever was set prior in the included files.

This is not the case. I commented out the include line and all is working as expected.
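
Added example (not part of the original answer): a Python sketch of the rule the answer ran into, where sshd_config(5) uses the first value obtained for each keyword, so an `Include` at the top of the file wins over settings below it. The drop-in file name and temporary directory layout are constructed for illustration, and `Match` blocks are not modelled; on a live host, `sshd -T` prints the effective configuration that sshd actually uses.

```python
import glob
import os
import tempfile

def effective(path, keyword, base="/etc/ssh"):
    """Return (value, file, line) for the first global `keyword` sshd reads, else None."""
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            parts = raw.split("#", 1)[0].split(None, 1)
            if len(parts) < 2:
                continue
            key, arg = parts[0].lower(), parts[1].strip()
            if key == "match":
                return None  # simplification: conditional Match blocks are not modelled
            if key == "include":
                for pattern in arg.split():
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(base, pattern)  # relative to config dir
                    for inc in sorted(glob.glob(pattern)):
                        hit = effective(inc, keyword, base)
                        if hit:
                            return hit  # an included file set it first: it wins
            elif key == keyword.lower():
                return arg, path, lineno
    return None

def demo(include_first=True):
    """Resolve PasswordAuthentication in a constructed tree mirroring the thread."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "sshd_config.d"))
    # Constructed drop-in; the file name is hypothetical.
    with open(os.path.join(root, "sshd_config.d", "99-example.conf"), "w") as fh:
        fh.write("PasswordAuthentication yes\n")
    body = ["PubkeyAuthentication yes", "PasswordAuthentication no"]
    include = "Include sshd_config.d/*.conf"
    lines = [include] + body if include_first else body + [include]
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    value, src, lineno = effective(main, "PasswordAuthentication", base=root)
    return value, os.path.basename(src), lineno

if __name__ == "__main__":
    print(demo(True))   # Include at the top, as in the question
    print(demo(False))  # Include moved below the main file's settings
```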
