A systems administrator is hardening a new Linux server and wants to enforce the use of SSH key-based authentication exclusively. The goal is to completely disable all forms of password-based logins to mitigate brute-force attacks. Which of the following sets of directives in the /etc/ssh/sshd_config file will achieve this security posture?
The correct configuration to enforce SSH key-only authentication and completely disable password-based logins is to set PubkeyAuthentication to yes, and both PasswordAuthentication and ChallengeResponseAuthentication to no. While PasswordAuthentication no disables the most common form of password login, ChallengeResponseAuthentication can also be used to prompt for a password (often via PAM). To ensure no password prompts are possible, both directives must be disabled. Enabling PubkeyAuthentication explicitly ensures that key-based logins are allowed. The other options are incorrect because they either explicitly permit password authentication, disable public key authentication, or only address a specific user (root) without enforcing the policy globally.
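An added example, not part of the original question: a small checker that tests sshd_config text against the three directives named in the explanation. The function names `parse` and `audit` and the sample inputs are constructed for illustration; the example goes slightly beyond the explanation by treating KbdInteractiveAuthentication (the name OpenSSH 8.7+ uses for ChallengeResponseAuthentication) as the same setting and by flagging Match blocks that re-enable passwords.

```python
# Added example: checks sshd_config text against the key-only policy above.
# Limitation (assumption): Include files are not followed.
REQUIRED = {"pubkeyauthentication": "yes",
            "passwordauthentication": "no",
            "challengeresponseauthentication": "no"}
# OpenSSH 8.7+ calls this directive KbdInteractiveAuthentication and keeps
# ChallengeResponseAuthentication as a deprecated alias.
ALIASES = {"kbdinteractiveauthentication": "challengeresponseauthentication"}

def parse(text):
    """Return (global settings, Match-block overrides); sshd keeps the first value."""
    global_cfg, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.replace("=", " ", 1).split()
        key = ALIASES.get(fields[0].lower(), fields[0].lower())
        value = fields[1].lower() if len(fields) > 1 else ""
        if key == "match":
            match = " ".join(fields[1:])
        elif match is None:
            global_cfg.setdefault(key, value)
        elif key in REQUIRED:
            overrides.append((match, key, value))
    return global_cfg, overrides

def audit(text):
    """Return findings; an empty list means the text enforces key-only logins."""
    global_cfg, overrides = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        got = global_cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set, falls back to the sshd default")
        elif got != want:
            findings.append(f"{key}: is '{got}', expected '{want}'")
    for match, key, value in overrides:
        if value != REQUIRED[key]:
            findings.append(f"{key}: '{value}' under 'Match {match}'")
    return findings

# Constructed sample inputs, not taken from a real host.
HARDENED = "PubkeyAuthentication yes\nPasswordAuthentication no\nChallengeResponseAuthentication no\n"
WEAK = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
        "KbdInteractiveAuthentication yes\n"
        "Match User backup\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(text) or "key-only policy enforced")
```

On a live host, `sshd -T` prints the effective configuration after defaults and included files are resolved, which is the authoritative check.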
CompTIA Linux+ XK0-006 (V8)
Security