Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

How do you disable SSH password login on 6.9+?

Featured Replies

I know I had this working on <6.9 but I built a new UnRaid box recently, installed 6.10, and I think it broke.

In my /boot/config/go file I have:

 

mkdir -p /root/.ssh
cp /boot/custom/ssh/* /root/.ssh
chmod 700 /root/.ssh
chmod 600 /root/.ssh/*
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
/etc/rc.d/rc.sshd restart

 

Which should take my authorized keys file in /boot/custom/ssh/, move it to the right place, set the correct permissions, disable password login, and restart the ssh daemon. It does correctly allow me to login with a key but I can also still login with my password which I do not want. In past versions of UnRaid I know this configuration worked so I'm confused as to what I'm doing wrong this time around.

 

I also tried uncommenting the:

 

PermitRootLogin prohibit-password

 

Line and restarting ssh but it didn't help.

 

Any assistance would be greatly appreciated. Thank you!

  • 2 weeks later...
  • Author

Sorry I missed this reply, unfortunately it doesn't solve my problem. It may make it so I can login with my keys (I already have that working) but it does nothing to prevent passwords when logging in. As in I can still `ssh root@MYIP` and get a password prompt that takes my password and logs me in. I want to completely prevent that. Make SSH key-ONLY. It's very odd to me that I've edited the `/etc/ssh/sshd_config` file and told it to not allow PasswordAuthentication and yet SSH still works without a key. 

  • Author

So I just found this thread and removing/commenting out `PermitRootLogin yes` does prevent password login. SSH will still prompt for the password (odd, I've never seen this before when I've setup a server to be key-only) but it will not accept the correct root password. I guess this is better than nothing but it's frustrating that I had this working perfectly before upgrading and now sshd doesn't appear to respect the config I give it (notably `PubkeyAuthentication yes` and `PasswordAuthentication no`).

44 minutes ago, joshstrange said:

SSH will still prompt for the password (odd, I've never seen this before when I've setup a server to be key-only) but it will not accept the correct root password.

That's actually more secure, because it doesn't tip the attacker off with the knowledge that no password will ever be accepted.

  • 3 months later...

For me, it worked copying over the sshd_config from /etc/ssh/sshd_config to

 

/boot/config/ssh/sshd_config

 

then uncommenting and setting to "no" the below two entries (PasswordAuthentication and PermitEmptyPasswords) + adding the entry to disable ChallengeResponseAuthentication. 

 

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

 

Then a restart and I was no longer able to login with password. Please note that it is important to generate and test the key based login up front as otherwise, you will lose the capability to login via ssh.  

 

For remote client Mac users: 

You can create a config file in your /Users/<user_name>/.ssh folder like below to be able to use "ssh tower" to access ssh from your remote client Mac instead of typing the server address. Of course "tower" could be replaced with your shortcut / server name: 

 

1.) Go to  /Users/<user_name>/.ssh, then

 

touch config
nano config

 

Then paste into this file:

Host tower
  Hostname xxx.yyy.zzz
  user root
  IdentityFile ~/.ssh/ed25519

 

 

Notes:

Replace host name with your IP address. 

The IdentityFile should point to the location of your private key. 

You can add multiple configs to the config file like, 
 

Host name1
  Hostname aaa.bbb.ccc.ddd
  user uname1
  IdentityFile ~/.ssh/file1

Host name2
  Hostname aaa.bbb.ccc.eee
  user uname2
  IdentityFile ~/.ssh/file2

 

Edited by rob_robot

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.