Solve ssh ban password login does not take effect

Posted on In Views: Word count in article: 1.2k Reading time ≈ 1 mins.

For safety concern, I will configure my ssh as follows:

1
2
3
4
PubkeyAuthentication yes
PermitRootLogin prohibit-password
PasswordAuthentication no
PermitEmptyPasswords no

However, yesterday I find it does not work by mistake.

Screenshot 2024-03-08 at 12.09.40

When I typed private key passphrase wrong 3 times, it pops password authentication to my surprise! Then I googled it and find the reason and solution.

Just login your server as root.

1
cat /etc/ssh/sshd_config

You will see this line:

1
Include /etc/ssh/sshd_config.d/*.conf

This means sshd_config will load configuration from other folder. And this has higher priority. Let’s see what is it.

1
2
cd /etc/ssh/sshd_config.d/
ls

You will see a file called “50-cloud-init.conf”

1
cat 50-cloud-init.conf

The output is:

1
PasswordAuthentication yes

This file is a default file in Ubuntu official image. Then you should know the reason why your “PasswordAuthentication no” cannot work. The solution is obvious. We can delete or edit this file.

1
2
sudo rm 50-cloud-init.conf
sudo service ssh restart

Then everything works fine.

Screenshot 2024-03-08 at 12.17.11

It is highly recommended to check your server whether it contains 50-cloud-init.conf and whether ssh configure is correct and works as your expected.

Reference

  1. https://taketo.cc/pages/linux/issue/003/#ubuntu%E9%85%8D%E7%BD%AE%E7%A6%81%E6%AD%A2%E5%AF%86%E7%A0%81%E7%99%BB%E5%BD%95%E6%97%A0%E6%95%88