Disable Password Auth and Root Login via SSH

Hi there,

What id like to do is disable password authentication and root login via ssh.
I am using the X86_64 Version of DietPi v8.11.2 and OpenSSH as SSH Server.

What i did so far was creating SSH Keypairs and getting them to work with all my clients.

I already edited /etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
PermitRootLogin no

However, my dietpi/openssh server seems to ignore these changes (of course i reloaded the config and restarted the service) as i am still able to login as root via SSH and can still use passwords for login.

I am doing this, because in some scenarios it might be helpful to me to access my server from external via SFTP, or probably SSH even right into it. I plan on doing that by implementing remote.it (which i can also install using dietpi-software) as i already used it in similar scenarios to reduce the attack surface.

Any help is appreciated …

Thanks!

PS: and can somebody probably explain to me why some tools offer a conversion to putty format (e.g. winscp) and my server rejects those keys once converted?

I’m just guessing, because I use dropbear and not OpenSSH, but I think you need to change /etc/ssh/sshd_config.d/dietpi.conf
The config is stored in there, because when an update of the software happens, the default config file get’s overridden and your changes would be lost, but not with the custom files in *.d/ folders.

1 Like

Yep - thats exactly what i did wrong… Thank you! Its now working!

1 Like