Celeb Glow
news | March 10, 2026

SSH - PasswordAuthentication no has no effect

I'm trying to configure my server to disable password authentication, I'm using keys now.

The problem is that PasswordAuthentication no is set, but it has had no effect. I'm still prompted for a password even though that's set.

More details:

  • I'm connecting to Ubuntu Server 14.04 from PuTTY on Windows 10.
  • ssh -v shows uses my key first then keyboard-interactive second.
  • I made sure I edited sshd_config, not ssh_config.
  • I restarted the ssh after applying the changes, when that had no effect I restarted the whole server, still no effect.
  • I have this exact same config file on another 14.04 server with this exact same key, but it has no issues and password auth is disabled there.

Why isn't password auth disabled as it should be, and how can I fix it?

This is the entire sshd_config file minus all commented lines for brevity.

Port 612
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms ,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
Ciphers ,,,aes256-ctr,aes192-ctr,aes128-ctr
MACs ,,,,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

2 Answers

The thing is, that the password authentication using PAM (as on all the modern systems) is handled by ChallengeResponseAuthentication option, which is yes by default.

ChallengeResponseAuthentication

Specifies whether challenge-response authentication is allowed (e.g. via PAM). The default is “yes”.

This is mentioned many times in the example sshd_config.

# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.

Add it to your sshd_config with value no, restart and it will work for you:

ChallengeResponseAuthentication no
1

One silly mistake I made (and spent a while to realize) was that instead of editing sshd_config I was editing ssh_config and that was the reason why the changes did not have the intended effect.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like

How to use PS4 controller on PC?

I can't see my coordinates and light level when I press F3 on my friend's smp

Which vendors have a lot of cash?