Hi, I just enabled public key authentication on my Ubuntu 15.10 x64 droplet - and indeed, next time I logged in from my machine (called “nas2”), I was prompted to enter the pass-phrase. I then proceeded to log in from another machine (my laptop) - same user, same Ubuntu server - and I could still log in from my laptop with simple user-password authentication - no private key available on that machine.
I assume that is not supposed to happen? That defeats the purpose of having that extra layer of authentication of it can be bypassed like that?
I followed the steps in this tutorial: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04 - “Step Four — Add Public Key Authentication”
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
This question was answered by @telling:
You’ve enabled public key auth, but that doesn’t automaticly disable password login. To do so you need to change
PasswordAuthentication yestoPasswordAuthentication no.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.