Disabling ssh password authentication

Question

I am trying to disable password authentication with ssh, but it doesn't seem to be working. I have followed every set of directions I can find to fix this, and they're all basically the same. I have modified the /etc/ssh/ssh_config files as follows:

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Host *
#   ForwardAgent no
#   ForwardX11 no
#   ForwardX11Trusted yes
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PubKeyAuthentication yes
#   PasswordAuthentication no
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#    SendEnv LANG LC_*
#    HashKnownHosts yes
#    GSSAPIAuthentication yes
#    HashKnownHosts yes
#    GSSAPIAuthentication yes
#    GSSAPIDelegateCredentials no
    RSAAuthentication yes
    PubKeyAuthentication yes
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    UsePAM no

I have then tried restarting the service, rebooting the computer, and everything else that I can think of and yet I can still log into this computer with my password, from multiple other computers. Here's a dump of the ssh connection:

$ ssh -v matthew@server
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/matthew/.ssh/private_key
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
matthew@server's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
matthew@server's password: 

The public key connection failed because I renamed my private key, intentionally to make sure it forces password authentication and theoretically fails. At any rate, it does not and I can not for the life of me figure out what I'm doing wrong.

Any suggestions?

Answer 1

I have modified the /etc/ssh/ssh_config files as follows...

ssh_config is the configuration file for the ssh client, not the server. To block password authentication on incoming SSH connections, you need to disable the feature in the server. The server's configuration file is sshd_config, most likely in the /etc/ssh directory.

The manual page for sshd_config is here. You most likely want to set the parameter PasswordAuthentication to "no".