Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Ubuntu 24.04 force enables password auth, need to disable differently
17 points by samlinnfer 17 hours ago | hide | past | favorite | 5 comments
Just installed Ubuntu 24.04 from the server image (https://ubuntu.com/download/server) and was just bitten by this.

Disabling password auth in `/etc/ssh/sshd_config` does nothing.

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    ^ This is a lie, setting it to "no" does nothing
You also need to delete /etc/ssh/sshd_config.d/50-cloud-init.conf which contains a single line:

    PasswordAuthentication yes
Other people complaining about the same thing:

[0] https://www.mikeberggren.com/deb-ssh-auth

[1] https://askubuntu.com/questions/1516262/why-is-50-cloud-init-conf-created

[2] https://askubuntu.com/a/435620






This comes from the `ssh_pwauth` setting in cloud-init. Docs: https://cloudinit.readthedocs.io/en/latest/reference/modules...

The PR https://github.com/canonical/cloud-init/pull/1618 implemented using a "sshd_config.d" file.

reply


Just checked on 24.10, it's set to "no"

reply


Is there a Launchpad bug against Ubuntu? Cloud-init is probably to blame here.

reply


Bug was filed here: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/20...

reply


I’ve emailed security and they said they would contact the cloud-init folks.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: