0

When we do

sudo apt install -y openssh-server

it installs by default with password authentication which could be unsafe if the password is too easy, and it already starts listening for connections.

Is there a way to run at first run with public key authenticartion only?

Improve this question
2

1 Answer 1

Reset to default
2

Similar to what Panki suggested you can add your customization in sshd_config.d before installing.

Debian's sshd_config starts with an Include /etc/ssh/sshd_config.d/*.conf. It is in general a good idea to place changes to the default config in sshd_config.d instead because it avoids conflicts if sshd_config changes.

So a simple

# mkdir -p /etc/ssh/sshd_config.d # echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config.d/auth.conf

before installing could solve your problem.

Improve this answer
3
  • that is dangerous as it has no other special configs self generated by sshd Commented Aug 29, 2024 at 18:16
  • 1
    I'm not sure what you mean by special configs. It should work fine for Debian since that default config starts by including configs from this directory which is usually empty and ssh uses the value from the first time an option was specified. Commented Aug 29, 2024 at 22:05
  • @GuerlandoOCs I'm curious to know why this is dangerous. I use roughly the same code in my startup scripts. Commented Sep 6, 2024 at 18:00

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.