Linux SSH password authentication settings

For security concern, we can turn off the password-login function of a remote server and use key authentication instead. Following are some simple configuring samples.

1. Turn on/off password login function

$ sudo vim /etc/ssh/sshd_config

Find "PasswordAuthentication" and change it to yes/no. This will effect all the users including root.




2. Individual settings

$ sudo vim /etc/ssh/sshd_config

Add the following lines to the bottom of the file

Match User root,foo,bar
    PasswordAuthentication no
Match User HelloWorld
    PasswordAuthentication yes

The first and second lines mean that root, foo, bar can't use password to login. The third and forth lines mean that the user HelloWorld can use password to login. User can also be changed into Group if you want to configure a group.


After configuring, the ssh service should be restarted.

$ sudo /etc/init.d/sshd restart

More complicated settings can be found in
http://security.stackexchange.com/questions/18036/creating-user-specific-authentication-methods-in-ssh or linux man page