Ubuntu 22.04.3 SSH Unable To Disable Password Authentication – Solved

The Problem (Summary)

Disabling SSH password authentication in sshd_config no longer works. After disabling it, you can still log in to an Ubuntu server (22.04.3 in my case) using a password.

There is a description of my process and a fix below.

My Experience

I’ve just installed Ubuntu 22.04.3 LTS and set up SSH as I have done for years.

In /etc/ssh/ssh_config I changed:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

Then I restarted the service:

systemctl restart sshd

I could still log in by password.

It seems /etc/ssh/sshd_config.d/50-cloud-init.conf now contains a line, PasswordAuthentication yes, which overrides ssh_config.

To my way of thinking, this is a security flaw introduced by Ubuntu in this release, as it breaks years of tradition and standard practice where disabling password authentication in sshd_config has worked.

I can imagine a release update potentially changing a setting or a standard config being thrown in place by scripts and getting subverted by this change.

The Fix

To resolve this issue:

Edit /etc/ssh/sshd_config.d/50-cloud-init.conf

sudo vi /etc/ssh/sshd_config.d/50-cloud-init.conf

Delete the line that allows password authentication, or add a # in front of it:

#PasswordAuthentication yes

Save the file.

Restart ssh

sudo systemctl restart sshd

Retest and it should be fixed for you.
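
Why the drop-in wins, as an added example that is not part of the original post: sshd uses the first value it obtains for each keyword, and the stock sshd_config pulls in /etc/ssh/sshd_config.d/*.conf through an Include line near its top. The script below walks a config the same way and reports which file and line supply a keyword; the function names, the simplified parsing and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for a keyword and expands Include lines in place, so a drop-in pulled
# in near the top of sshd_config beats a later line in sshd_config itself.

# first_setting KEYWORD CONFIG [BASEDIR] -> prints "file:line:value"
# Assumptions: whitespace-separated "Keyword value" lines; relative Include
# paths resolve against BASEDIR (default: CONFIG's directory; sshd itself
# uses /etc/ssh); paths contain no spaces.
first_setting() {
    fs_key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    fs_base=${3:-$(dirname "$2")}
    _fs_scan "$2" | sed -n '1p'
}

# Body runs in a subshell "( )" so each recursive call has its own variables.
_fs_scan() (
    file=$1; n=0
    [ -r "$file" ] || exit 0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f          # split without globbing
        [ $# -gt 0 ] || continue              # blank line
        kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
        case $kw in
            \#*) continue ;;                  # comment
            match) exit 0 ;;                  # conditional settings: not considered
            include)
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$fs_base/$pat ;; esac
                    for inc in $pat; do       # glob expands in sorted order
                        if [ -f "$inc" ]; then _fs_scan "$inc"; fi
                    done
                done ;;
            "$fs_key") printf '%s:%s:%s\n' "$file" "$n" "$*" ;;
        esac
    done < "$file"
)

# Constructed sample tree mirroring the layout described in this post.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/sshd_config.d"
    printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' > "$d/sshd_config"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-cloud-init.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample)
first_setting PasswordAuthentication "$sample/sshd_config"
rm -rf "$sample"
```

On a live server, `sudo sshd -T` prints the effective configuration, so its passwordauthentication line is the authoritative check after a change.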