Big Sur - Disable Password Authentication for SSH

Information

If remote login through SSH is enabled, password based authentication _MUST_ be disabled for user login.

All users _MUST_ go through multifactor authentication to prevent unauthenticated access and potential compromise to the system.

NOTE: /etc/ssh/sshd_config will be automatically modified to its original state following any update or major upgrade to the operating system.

Solution

[source,bash]
----
/usr/bin/sed -i.bak_$(date "+%Y-%m-%d_%H:%M") "s|#PasswordAuthentication yes|PasswordAuthentication no|; s|#ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|" /etc/ssh/sshd_config; /bin/launchctl kickstart -k system/com.openssh.sshd
----

See Also

https://github.com/usnistgov/macos_security