The correct configuration to meet the specified security requirements involves setting PermitRootLogin no and PasswordAuthentication no in the /etc/ssh/sshd_config file.
PermitRootLogin no explicitly forbids the root user from logging in via SSH, which is a critical security hardening step.
PasswordAuthentication no disables the ability for any user to authenticate using a password, thereby enforcing the use of other methods like public key authentication.
The combination of DenyUsers root and PubkeyAuthentication yes is incorrect because while DenyUsers root would block the root user, PubkeyAuthentication yes only enables public key authentication but does not disable password authentication, failing to meet the second requirement.
The combination of PermitRootLogin no and UsePAM no is incorrect. While the first directive is correct, UsePAM no disables Pluggable Authentication Modules. This is a broader change that affects how different authentication schemes interact with the system and is not the direct way to disable password authentication itself.
The combination of AllowUsers admin and ChallengeResponseAuthentication no is incorrect. AllowUsers restricts SSH access to specific users but doesn't inherently block root unless root is omitted from the list. ChallengeResponseAuthentication no disables a specific type of interactive authentication which can include passwords, but PasswordAuthentication no is the primary directive for disabling simple password logins.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the `PermitRootLogin no` directive?
Open an interactive chat with Bash
How does setting `PasswordAuthentication no` improve SSH security?
Open an interactive chat with Bash
What is the difference between `PasswordAuthentication no` and `PubkeyAuthentication yes`?