 

How to disable password authentication and root login on Ubuntu Server 22.04.2 LTS on Raspberry Pi 4

Good morning all,

I'm new to the realm of Ubuntu/server management and likely have a dumb question. But I am really struggling to disable root login and password authentication. For context, I have set up public key login via SSH to my Ubuntu server on my account running on my Raspberry Pi, but can't disable root login or password authentication.

I have tried editing the sshd_config file and set PasswordAuthentication to 'no' but that doesn't prevent it. I also don't have an option to disable root login. I have researched and found people referring to 'ChallengeResponseAuthentication' to disable password authentication but can't find any reference to it.

Could it be because I am not signed in as root and am instead on a separate user account? And if so, how do I sign in as root? Using the Ubuntu username and blank password just says incorrect password.

Jordan H asked Jan 26 '26 23:01


2 Answers

Check if there are any config files inside /etc/ssh/sshd_config.d; if PasswordAuthentication yes is found in one of them, you can delete that line. In the Ubuntu 22.04.1 LTS ISO, I found that /etc/ssh/sshd_config.d/50-cloud-init.conf overrides the sshd_config file, and it had PasswordAuthentication enabled.

sherpaurgen answered Jan 28 '26 12:01


To expand on @sherpaurgen's answer: it's well worth reading the comments in /etc/sshd_config, noting that (in Ubuntu) the first line includes files in /etc/sshd_config.d, and that the first occurrence of a configuration setting applies (as per the man page, see man sshd_config) - so certainly see if there's anything in that directory taking precedence over anything in /etc/sshd_config, as well as understanding what the defaults are (in a fresh installation the defaults will typically be shown commented out).

It's also worth noting that you're asking 3 things, so tick each item off as you get them working - remember to reload sshd after any config changes (systemctl reload sshd.service):

  • Disable password authentication
  • Disable root login
  • How to sign in as root

You and others have already noted the settings for the first 2, I'll suggest KbdInteractiveAuthentication instead of its now deprecated alias ChallengeResponseAuthentication (don't have both to avoid confusion, as aliases the first occurrence of either will take precedence), so probably these lines,

PasswordAuthentication no
PermitRootLogin no
KbdInteractiveAuthentication no

I suggest putting those in a local settings file in /etc/sshd_config.d as mentioned above (check the corresponding include line appears at the top of /etc/sshd_config).

The final one, signing in as root is typically achieved by signing in as your normal user id then using sudo (sudo -i, see man pages with man sudo, also the man pages it references in the 'see also' section near the end of the man page). Re. your question "Could it be because i am not signed in as root and instead and am on a separate user account?" you can check 'who' you are with the command whoami or for more detail id

At the risk of stating the obvious, all the sshd... settings will affect logins via ssh, they have nothing to do with console logins; I understand your question to relate to ssh so I've not addressed console login. Finally make sure you're working with sshd_config and sshd_config.d (note the d) for the SSH server settings (ssh connections to your Raspberry Pi).

Andrew Richards answered Jan 28 '26 13:01
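
The precedence rule both answers rely on (Include expanded where it appears, first occurrence of a keyword wins), as an added example that is not part of either answer: a POSIX shell function that reports which file and line sets an sshd keyword first. The function names and the sample tree are constructed for illustration; Match blocks and quoted arguments are not handled, and relative Include paths are resolved against the including file's directory.

```shell
# first_setting KEYWORD CONFIG_FILE
# Prints "file:line: Keyword value" for the first occurrence of KEYWORD and
# returns 0; returns 1 if the keyword is never set (the built-in default applies).
# The body runs in a subshell "( )" so recursion cannot clobber variables.
first_setting() (
  key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')   # keywords are case-insensitive
  file=$2
  dir=$(dirname "$file")
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    line=${line%%#*}                      # strip comments
    set -f; set -- $line; set +f          # split into words without globbing
    [ $# -gt 0 ] || continue
    name=$1; shift
    word=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    case $word in
      include)
        for pat in "$@"; do
          case $pat in /*) ;; *) pat=$dir/$pat ;; esac
          for inc in $pat; do             # glob expands in lexical order
            [ -f "$inc" ] || continue
            first_setting "$key" "$inc" && exit 0
          done
        done ;;
      "$key")
        printf '%s:%s: %s %s\n' "$file" "$n" "$name" "$*"
        exit 0 ;;
    esac
  done <"$file"
  exit 1
)

# Constructed sample tree mirroring the situation in the first answer:
# the main file says "no", but an included drop-in file says "yes" first.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir "$t/sshd_config.d"
  printf 'PasswordAuthentication yes\n' >"$t/sshd_config.d/50-cloud-init.conf"
  printf 'Include %s/sshd_config.d/*.conf\n#PermitRootLogin prohibit-password\nPasswordAuthentication no\n' \
    "$t" >"$t/sshd_config"
  printf '%s\n' "$t"
}
```

On a real server, point it at the main file, e.g. `first_setting PasswordAuthentication /etc/ssh/sshd_config`; running `sshd -T` as root prints the effective configuration that sshd itself computes.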