For SSH access only, do I leave `#PubkeyAuthentication yes` commented out in sshd_config, or uncomment it?

Question

Just setting up a new Debian 10 server having uploaded my public SSH keys, not restarted sshd yet.

I can now log in without password, so now doing all the usual recommended edits in /etc/ssh/sshd_config:

ChallengeResponseAuthentication no
usePAM no
PermitRootLogin no
PasswordAuthentication no

BUT I'm wondering if leaving #PubkeyAuthentication yes commented out means "no setting" i.e. as some posts seem to indicate I can still SSH in pw-free without explicitly uncommenting this line?

score 3 · Accepted Answer · answered Mar 14 '21 at 23:15

3

man sshd_config will show you that yes is the default value for PubkeyAuthentication. So you can leave it commented out; it's the same as yes.

The stock sshd_config file also includes a comment at the top, saying that it comes with the default values present but commented out.

answered Mar 14 '21 at 23:15

Andrew Schulman

8,811
21
32
47

Thanks for the clarification. I thought as much but wasn't absolutely sure. – Dave Everitt Mar 15 '21 at 11:36
Read more https://linux.die.net/man/5/sshd_config about it before making changes. – ShapCyber Mar 04 '22 at 08:13

For SSH access only, do I leave `#PubkeyAuthentication yes` commented out in sshd_config, or uncomment it?

1 Answers1