How do I completely disable password ssh logins?

Question

I'm setting up a raspberry pi 3 running the raspbian operating system, that will be connected to wifi constantly with ssh enabled, thus security is a must. I have successfully enabled login via a public-private key pair, and am trying to make this the ONLY way to access the pi via ssh.

I've looked at a few threads on this topic, and scoured my sshd_config file for anything that smacks of a password login (PasswordAuthentication, PermitRootLogin, KerberosAuthentication, UsePAM, etc.) to turn them all off, but to no avail. As soon as a login with the public key fails, it immediately prompts for the password.

I've restarted sshd and even rebooted the pi several times, but nothing changes.

I'm not too desperate since the password is quite strong, but it seems like such a waste to use a public key login if password logins are possible.

Answer 1

in my case i edited /etc/ssh/sshd_config and uncommented the line PasswordAuthentication no, that did it in my case, now if the client send no key or an unauthorized one the server closes the connection. Just make sure the line is not commented #PasswordAuthentication no the # is a comment and gets ignored, and since the default is yes it wont work.

Answer 2

man sshd:

 AuthenticationMethods

         For example, an argument of “publickey,password
         publickey,keyboard-interactive” would require the user to com‐
         plete public key authentication, followed by either password or
         keyboard interactive authentication.  Only methods that are next
         in one or more lists are offered at each stage, so for this exam‐
         ple, it would not be possible to attempt password or keyboard-
         interactive authentication before public key.

So choose the only one which you are preferred:

AuthenticationMethods publickey

The password request what you see is not asking for a pam password, rather than a password protected publickey - you haven't tried it.