...
Disable Password Authentication
New Ubuntu and Debian Approach
This approach ensures that upgrade will not overwrite your changes,
visudo
From the the sudoers man pages,
| Code Block | ||
|---|---|---|
| ||
#includedir /etc/sudoers.d
sudo will read each file in /etc/sudoers.d, skipping file names that end in ~ or contain a . character to avoid causing
problems with package manager or editor temporary/backup files. Files are parsed in sorted lexical order. That is,
/etc/sudoers.d/01_first will be parsed before /etc/sudoers.d/10_second. Be aware that because the sorting is lexical, not
numeric, /etc/sudoers.d/1_whoops would be loaded after /etc/sudoers.d/10_second. Using a consistent number of leading
zeroes in the file names can be used to avoid such problems.
Note that unlike files included via #include, visudo will not edit the files in a #includedir directory unless one of them
contains a syntax error. It is still possible to run visudo with the -f flag to edit the files directly. |
So we'll name the file, 01_bonsai_disable_password_auth
| Code Block | ||
|---|---|---|
| ||
# Creates file, locks its and validates for syntax errors.
sudo visudo -f /etc/sudoers.d/01_bonsai_disable_password_auth |
... in process of doing this but got error validating as saving by visudo...
Older Standard
Modify the sshd_config file to disable password authentication,
...