I’ve just made a fresh installation of DietPi on a Raspberry Pi 4, and I had some questions.
Why is there a known_hosts file in root’s .SSH directory? Why would DietPi ever be making an SSH connection to their server?
Also, is there anything extra in DietPi that may be changing the way OpenSSH works? I’ve set my configuration file to prevent logins using a password, but it still allows them.
Thanks
Welcome to our community.
The known host file is needed to be able to upload the survey file. Even if file is empty 
By default we use Dropbear SSH server. Did you changed to OpenSSH already? Usually there is no specific configuration from our side on SSH server installation.
Thanks for the response.
I did switch to OpenSSH since I need SFTP and getting that working with Dropbear seemed like a hassle. I used the dietpi.txt file to set things up, and one of the directives is whether or not to allow password-based login. Do you know if that is applied on subsequent boots?
Problem solve, and I can’t believe I missed it.
If anyone should stumble across this thread in the future, the answer is that Dietpi creates a file in “/etc/ssh/sshd_config.d” that overrides some directives. This folder is included by default in the “sshd_config” file.
Deleting the dietpi.conf file will fix it.
Also bug report uploads are done via SSH>SFTP to our server.
Enabling inbound SFTP with Dropbear requires nothing more than:
apt install openssh-sftp-server
This is a dedicated SFTP server binary, so the wrapping SSH connection is still done via lightweight Dropbear.