SSH: completly disabling password authentication

--------------------------------------------------
Hire the world's top talent on demand or became one of them at Toptal: https://topt.al/25cXVn
and get $2,000 discount on your first invoice
--------------------------------------------------

Music by Eric Matyas
https://www.soundimage.org
Track title: Puzzle Game 2

--

Chapters
00:00 Ssh: Completly Disabling Password Authentication
00:24 Accepted Answer Score 24
00:39 Answer 2 Score 5
00:52 Answer 3 Score 5
01:37 Thank you

--

Full question
https://superuser.com/questions/103722/s...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#linux #commandline #unix #ssh #openssh

#avk47

ACCEPTED ANSWER

Score 24

Okay, I've found it! It's

ssh -o BatchMode=yes host

Not very intuitive, especially with the fact that the options I tried previously don't work.

ANSWER 2

Score 5

You can add those option to .ssh/config and save some typing:

Host host
BatchMode yes

should do the job.

ANSWER 3

Score 5

I just had this problem and found the answer here:

https://web.archive.org/web/20160403020906/http://www.gossamer-threads.com/lists/openssh/dev/47179

Basically, openssh used keyboard-interactive to implement challenge-repsonse. So if either of these options are set to "yes", then keyboard-interactive gets set to "yes" in the code. You have to set both to "no" in order to get the behavior you want.

I had to do:

ssh -o PasswordAuthentication=no -o KbdInteractiveAuthentication=no -o ChallengeResponseAuthentication=no

Of course, the BatchMode=yes setting would take care of all of these for you and future proof you against any new user interactive authentication methods in the future.