Okay this is wild: I just noticed that changing 'PasswordAuthentication' to 'no' in /etc/ssh/sshd_config is no longer enough to disable password authentication in #ubuntu. That's because Ubuntu Server now by default creates a sshd_config.d/50-cloud-init.conf file which contains 'PasswordAuthentication yes' which takes priority over sshd_config.
I would've unknowingly left password auth on if I hadn't double checked.
Why?
More: https://askubuntu.com/questions/1516262/why-is-50-cloud-init-conf-created
#security #linux #server #ubuntuserver
mort
npub169…clmh6
2025-01-19 14:24:12 UTC
Author Public Key
npub169scvwz5u6g484knr3md8r9hfgmnelm4fe6p868ns8e0556ku6ps2clmh6Seen on
wss://relay.momostr.pinkPublished at
2025-01-19 14:24:12 UTCEvent JSON
{
"id": "577fcd8ade49881cb5705caac78bb5d26de23fc700844cebd5684cbdab42a44f",
"pubkey": "d161863854e69153d6d31c76d38cb74a373cff754e7413e8f381f2fa5356e683",
"created_at": 1737296652,
"kind": 1,
"tags": [
[
"proxy",
"https://fosstodon.org/@mort/113855473402304315",
"web"
],
[
"t",
"linux"
],
[
"t",
"security"
],
[
"t",
"server"
],
[
"t",
"ubuntuserver"
],
[
"t",
"ubuntu"
],
[
"proxy",
"https://fosstodon.org/users/mort/statuses/113855473402304315",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fosstodon.org/users/mort/statuses/113855473402304315",
"pink.momostr"
],
[
"-"
]
],
"content": "Okay this is wild: I just noticed that changing 'PasswordAuthentication' to 'no' in /etc/ssh/sshd_config is no longer enough to disable password authentication in #ubuntu. That's because Ubuntu Server now by default creates a sshd_config.d/50-cloud-init.conf file which contains 'PasswordAuthentication yes' which takes priority over sshd_config.\n\nI would've unknowingly left password auth on if I hadn't double checked.\n\nWhy?\n\nMore: https://askubuntu.com/questions/1516262/why-is-50-cloud-init-conf-created\n\n#security #linux #server #ubuntuserver",
"sig": "c512e254961b50237d3236bdf2190ca9a6cd6ba5eb4b8bbd947ce310fd1074a4609d0ea5b770c153d5a70f59970091e67d6a8ec2e7b981765480cca94ca5e12e"
}