SSH login with password is permitted after I edited SSH_CONFIG not to

Time:03-29

I am trying to deny access to my home server if you don't register an SSH key. Therefore, I edited the /etc/ssh/ssh_config file like so:

Include /etc/ssh/ssh_config.d/*.conf

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
PasswordAuthentication no
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
SAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

This was autogenerated on install. The changes that I added were:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
SAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

After all this and restarting the SSH service, I created a new user and tried to log in, expecting a permission denied message, but I get the password prompt. What am I doing wrong?

CodePudding user response:

What am I doing wrong?

You are editing /etc/ssh/ssh_config. This file is read by the ssh client. You should be editing /etc/ssh/sshd_config. ssh_config has no effect on sshd (well, unless you have some odd distribution-specific configuration setup).
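
One way to confirm what the server itself applies, added here as an example and not part of the original answer: sshd -T prints the daemon's effective configuration, and the function below audits that output. The function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the server's effective authentication settings.
# `sshd -T` prints the daemon's effective config as lowercase "keyword value".

# Constructed sample: server whose sshd_config was never edited.
sample_unhardened() {
cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
usepam yes
EOF
}

# Constructed sample: same server after editing /etc/ssh/sshd_config.
sample_hardened() {
cat <<'EOF'
port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
usepam yes
EOF
}

# Reads `sshd -T` output on stdin. Returns 0 only when key-only login is
# enforced; prints one FAIL line per setting that still allows a prompt.
audit_sshd_auth() {
    awk '
        $1 == "passwordauthentication" { pw = $2 }
        # Older OpenSSH reports this keyword as challengeresponseauthentication.
        $1 == "kbdinteractiveauthentication" || $1 == "challengeresponseauthentication" { kbd = $2 }
        $1 == "pubkeyauthentication" { pk = $2 }
        END {
            bad = 0
            if (pw != "no")  { print "FAIL passwordauthentication=" (pw == "" ? "unset" : pw); bad = 1 }
            if (kbd != "no") { print "FAIL kbdinteractiveauthentication=" (kbd == "" ? "unset" : kbd); bad = 1 }
            if (pk != "yes") { print "FAIL pubkeyauthentication=" (pk == "" ? "unset" : pk); bad = 1 }
            if (!bad) print "OK key-only login enforced"
            exit bad
        }'
}

# Demo on the constructed samples; on a real host: sudo sshd -T | audit_sshd_auth
sample_unhardened | audit_sshd_auth || true
sample_hardened | audit_sshd_auth
```

Because the check reads the daemon's effective settings rather than a file, it also catches overrides from included drop-in files.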
