CCG

Reputation: 386

Disabling password authentication for SSH doesn't work as expected on Ubuntu 14.04 LTS

I want to make sure that the only way to access a computer through SSH is if the client's key is already added to the authorized_keys file on the server.

For this, I edit /etc/ssh/sshd_config and enable the following options:

ChallengeResponseAuthentication no
PasswordAuthentication no
PubkeyAuthentication yes
UsePAM no

Following this, I restart the sshd service:

sudo /etc/init.d/ssh restart

However, when I try to ssh into the server from a client whose key is not saved in the server's authorized keys file, I get prompted for a password.

EDIT: I have figured out what the problem is, but I am going to leave this question here in case it is useful to someone else.

What happens is that when connecting from a client with a key not in the authorized_keys file, the server asks for the password, but no matter what password is entered, it is declined. I think this is so that it is difficult for attackers to understand how the sshd is configured.

Upvotes: 11

Views: 5488

Answers (3)

Maciek Binder

Reputation: 141

I was on Ubuntu 20.04 and found out that sshd_config had a file included at the very beginning, "Include /etc/ssh/sshd_config.d/*.conf", which had "PasswordAuthentication yes" in it, and that overrides that setting in sshd_config.

Upvotes: 9
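
Why an included file can win, as an added example (not code from the answer or from OpenSSH): sshd uses the first value it reads for each keyword, so an Include at the top of sshd_config takes precedence over a later line in the same file. The resolver below is a simplified sketch; the function names and the file 50-example.conf are constructed, Match blocks are not evaluated, and relative Include paths are resolved against the main config's directory.

```python
import glob
import os
import re
import tempfile

DEFAULTS = {"passwordauthentication": "yes"}  # OpenSSH default when unset

def iter_settings(path, base_dir):
    """Yield (keyword, value, file, lineno) in the order sshd reads them."""
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            parts = re.split(r"[\s=]+", line, maxsplit=1)
            keyword = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if keyword == "match":
                return  # simplification: conditional blocks are not evaluated
            if keyword == "include":
                for pattern in value.split():
                    if not os.path.isabs(pattern):
                        pattern = os.path.join(base_dir, pattern)
                    for inc in sorted(glob.glob(pattern)):  # lexical order
                        yield from iter_settings(inc, base_dir)
                continue
            yield keyword, value, path, lineno

def effective(keyword, main_config, base_dir=None):
    """Return (value, source) for keyword; the first occurrence wins."""
    base_dir = base_dir or os.path.dirname(main_config)
    for key, value, path, lineno in iter_settings(main_config, base_dir):
        if key == keyword.lower():
            return value.lower(), f"{path}:{lineno}"
    return DEFAULTS.get(keyword.lower()), "built-in default"

def demo():
    """Constructed layout mirroring the answer: Include first, 'no' later."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "sshd_config.d"))
    with open(os.path.join(root, "sshd_config.d", "50-example.conf"), "w") as fh:
        fh.write("PasswordAuthentication yes\n")
    main = os.path.join(root, "sshd_config")
    with open(main, "w") as fh:
        fh.write("Include sshd_config.d/*.conf\nPasswordAuthentication no\n")
    return effective("PasswordAuthentication", main)

if __name__ == "__main__":
    print(demo())
```

On a live server, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually uses after all includes are processed.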

JamesBB

Reputation: 428

Just to help anyone who finds this and still seems to be able to log in with root and password, I found that rebooting the VPS seemed to get everything reconfigured properly.

Upvotes: 0

CCG

Reputation: 386

The behavior that I described above is the intended behavior of the sshd. No matter what password is entered, it will not be accepted.

Upvotes: 4
