Is it still necessary to set PasswordAuthentication to no when using an SSH key set in the control panel?

In this article Etel notes that we can turn off PasswordAuthentication by setting it to no in /etc/ssh/sshd_config after we can successfully authenticate.

If we create a snapshot of droplet where this is allready done, to avoid having to do it every time, will everything still work as expected (Assuming I still have the same SSH keys on the client)?

Also could digital ocean just default this to no, since presumably if we are logging in with SSH, it really should be no?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi @fireflysemantics

When you create a droplet with a SSH key - meaning you won’t receive a password - then it’s already defaulted to PasswordAuthentication no

Hello all,

As per hanses’s comment if you create the droplet with a ssh-key the PasswordAuthentication will be set to No

However, if you’re using password authentication and would like to have it disabled, simply follow these steps:

You can also temporary enable the PasswordAuthentication from no to yes in order to access your droplet using a password and then once you’ve entered your key to disable the PasswordAuthentication again. This way is considered more secure than uploading the key to a Dropbox in case you don’t have any other server to us.

  1. Log in to the console on the DigitalOcean website.
  2. Type sudo nano /etc/ssh/sshd_config
  3. Change PasswordAuthentication from “no” to “yes” and save the file

Hope that this helps! Regards, Alex