Why is sshd still allowing password auth despite updating config file?
A simple answer to an interesting symptom
I'll keep this short and sweet: on recent editions of Debian Linux distributions, you may have noticed that setting PasswordAuthentication no doesn't seem to have any effect.
That's because high up in the sshd_config file, there's a statement to include additional configs:
Include /etc/ssh/sshd_config.d/*.conf
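Any settings pulled in from these files override conflicting statements in the main sshd_config file, because sshd uses the first value it reads for each keyword and the Include line sits above the settings further down.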
The solution? Specifically delete the 50-cloud-init.conf file and bounce sshd:
example@foo:~# sudo rm /etc/ssh/sshd_config.d/50-cloud-init.conf
example@foo:~# sudo systemctl restart ssh
Be sure to examine the 50-cloud-init.conf file for any other non-default parameters that you might want to maintain. In my case, I didn't need anything else but your mileage may vary.
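To see which file sshd takes PasswordAuthentication from before and after removing the drop-in, here is an added example (not part of the original post) that follows Include lines in the order sshd reads them. The function names, the temporary directory layout and the drop-in's content are assumptions made for the demonstration.

```sh
#!/bin/sh
# Which file does sshd take a global keyword from? sshd keeps the FIRST value
# it reads for each keyword and expands an Include at the point it appears.
# Simplifications in this example: "Keyword value" syntax only, and scanning
# of a file stops at its first Match block (settings after it are conditional).

# _scan LOWERCASE_KEYWORD FILE: print "FILE: VALUE" for the first hit.
# The body is a subshell, so recursion cannot clobber the loop variables.
_scan() (
    [ -r "$2" ] || exit 1
    while read -r key val || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords ignore case
        case "$key" in
            ''|'#'*) continue ;;
            match)   break ;;
            include)
                set -f                      # split the patterns, no globbing yet
                for pat in $val; do
                    # relative Include paths are resolved against /etc/ssh
                    case "$pat" in /*) ;; *) pat="/etc/ssh/$pat" ;; esac
                    set +f                  # expand the glob (sorted order)
                    for f in $pat; do
                        _scan "$1" "$f" && exit 0
                    done
                    set -f
                done
                set +f ;;
            "$1") printf '%s: %s\n' "$2" "$val"; exit 0 ;;
        esac
    done < "$2"
    exit 1
)

first_setting() {   # first_setting KEYWORD MAIN_CONFIG
    _scan "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" "$2"
}

# Constructed sample tree; the drop-in's content is an assumption.
demo() {
    d=$(mktemp -d) && mkdir "$d/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-cloud-init.conf"
    printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\n' "$d" \
        > "$d/sshd_config"
    first_setting PasswordAuthentication "$d/sshd_config"   # drop-in wins
    rm "$d/sshd_config.d/50-cloud-init.conf"
    first_setting PasswordAuthentication "$d/sshd_config"   # main file now
    rm -rf "$d"
}
demo
```

On a live host, `sudo sshd -T | grep -i passwordauthentication` prints the effective value as sshd itself computes it, which is the check to run after restarting the service.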