Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3763
Views
0
Helpful
2
Replies

Disable password authentication in SSH

paulonley
Level 1
Level 1

‎11-17-2011 03:17 PM - edited ‎03-07-2019 03:27 AM

I have configured ssh on a 2960 to use public key authentication. Now that I can securely log into ssh without a password Is it possible to disable password authentication so that it is impossible to login without the key?

2 people had this problem
Labels:
0 Helpful
2 Replies 2

dese.co.uk
Level 1
Level 1

‎11-17-2011 03:23 PM

no.

this is to the protocol standards of ssh which is clearly outlined in the RFC4252.

Authentification is a fixed part of the SSH protocol and offers EITHER hostbased (with key) OR user/password based authentication.

http://tools.ietf.org/html/rfc4252

Regards,

David.

0 Helpful

paulonley
Level 1
Level 1
In response to dese.co.uk

‎11-18-2011 08:46 AM

I realize that authentication is an integral part of ssh, ssh does however allow for a variety of authentication mechanisms. I have all my linux systems configured (standard option of openssh) to deny password authentication (much easier to hack than public key). I want to not allow password authentication so as to minimize the possibliity of a brute force attack. While it might be possible given enough time to brute force an ssh public key it will certainly be orders of magnitude more difficult than the maximum password length of 25 characters in the Cisco IOS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card