# SSH issues trying to disable password authentication[solved]

## ianw1974

I've set up SSH to use my public keys, which I used:

```
ssh-keygen -t dsa
```

and then put them in the usual problems.  This works fine, I'm no longer prompted for a password to connect.  I then configured SSH with the following options:

```
RSAAuthentication yes

PubkeyAuthentication yes

PasswordAuthentication no
```

with the last line obviously being the one that is supposed to disable password authentication.  However, if I then go to a system which hasn't the public keys generated, and try to connect to the server in question, it still prompts for a password and let's me connect.  How can I stop the password authentication from occurring, so that it's forced to use only the public keys on the system and if you don't have them, you can't connect?

----------

## Carnildo

Are you trying to configure the client, or the server?  From your post, I can't tell which you're doing.

----------

## Naib

he is trying to configure the server

I have this in my sshd_config for passwdless login 

```

PermitRootLogin no   # only one user can ssh into my boxen

PubkeyAuthentication yes   # cause I use keys

PasswordAuthentication no  # cause I don't want passed

PermitEmptyPasswords no  #pointless with the prev and last but meh

ChallengeResponseAuthentication no  #disable accepting passwds   - ONLY set this once you are happy

```

----------

## ianw1974

Yes, I'm trying to configure the server, since there's no real configuration for the client except creating the id_dsa.pub as originally posted.

I added that last line about:

```
ChallengeResponseAuthentication no
```

well, uncommented it actually, and now it seems to be working perfectly fine.  If I try from another system, it says access denied (publickey).  So this is great  :Smile: 

I didn't enable the PermitEmptyPasswords option, since I thought I'd check with that last one which was what did it.  It seems PasswordAuthentication on it's own doesn't do what it looks like it should do.  Either that, or I misunderstand what that particular option is for.

But solved now  :Very Happy: 

----------

