Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Disable password authentication in SSH

I have configured ssh on a 2960 to use public key authentication. Now that I can securely log into ssh without a password Is it possible to disable password authentication so that it is impossible to login without the key?

Everyone's tags (1)
2 REPLIES
Community Member

Disable password authentication in SSH

no.

this is to the protocol standards of ssh which is clearly outlined in the RFC4252.

Authentification is a fixed part of the SSH protocol and offers EITHER hostbased (with key) OR user/password based authentication.

http://tools.ietf.org/html/rfc4252

Regards,

David.

Community Member

Disable password authentication in SSH

I realize that authentication is an integral part of ssh, ssh does however allow for a variety of authentication mechanisms. I have all my linux systems configured (standard option of openssh) to deny password authentication (much easier to hack than public key). I want to not allow password authentication so as to minimize the possibliity of a brute force attack. While it might be possible given enough time to brute force an ssh public key it will certainly be orders of magnitude more difficult than the maximum password length of 25 characters in the Cisco IOS.

1448
Views
0
Helpful
2
Replies
CreatePlease to create content