# PubkeyAuthentication no

## 1veedo

I'm trying to set up sshd so you have to already have the public key in order to log in, ie the server wont send it to you even if you ask.  I found this setting PubkeyAuthentication but it still sends the public key even if you set it to no.  How exactly do you turn that off?

----------

## Hu

I think you are very confused.  First, why do you care if the server sends you its public key?  This is the only way you can be sure you have connected to the correct sshd.  Second, the setting you found controls whether clients are permitted to use public key authentication to log in.  It has no effect on the pre-login handshake.

----------

## 1veedo

I guess I'll just do it by IP then... I'm pretty sure you can do it that way.

----------

## Hu

You can restrict logins to specific source addresses, but there is no way to prevent the sshd from sending its key to any client which connects.  This behavior is a necessary part of the protocol.  Disabling it would not provide any security.

----------

