How to only allow ssh key login and disable passwords

How can I force SSH to only allow users with a public key to log in to my server and disable all password login? Is this possible?

Edit the sshd_config on your server.

sudo nano /etc/ssh/sshd_config

Set up following directives to only allow ssh keys based login and disable passwords

ChallengeResponseAuthentication no
PasswordAuthentication no
PermitRootLogin no
PermitRootLogin prohibit-password

Add ssh keys from all clients

At least make sure admin users can ssh in with your public ssh key and can use the sudo / su - to become the root user. Otherwise you will get locked down. Say from my client:

ssh admin@server
# can I use sudo or su ?
sudo -i
su -

If not, copy ssh-keys and and configure sudo for admin.

Restart or reload sshd

On your server run

sudo systemct reload sshd.service
1 Like

Take a look at my guide which explains everything.

1 Like

Linux sysadmin blog - Linux/Unix Howtos and Tutorials - Linux bash shell scripting wiki