Security
Secure Your macOS Remote SSH Access by Disabling Password Login
How to secure the SSH Remote Login feature on macOS in a few simple steps.
One of the most effective ways to secure an SSH server is to disable password authentication and only allow access via secure public key authentication. To do that it is necessary to perform some changes to a single configuration file present in your system. In this article I’ll show you how to do it in a few simple steps.

Step-by-step guide
Follow these steps to change the default access behavior:
- Open the Terminal app on your macOS system.
- Run the following command to edit the SSH server configuration file:
sudo nano /etc/ssh/sshd_config
In the sshd_config file, locate the PasswordAuthentication setting and change its value from yes to no:
# Change these options:
# PasswordAuthentication yes
# This option appears only in old versions of macOS
# ChallengeResponseAuthentication yes
# This option appears only in new versions of macOS
# KbdInteractiveAuthentication yes# To this:
PasswordAuthentication no
# This option appears only in old versions of macOS
ChallengeResponseAuthentication no
# This option appears only in new versions of macOS
KbdInteractiveAuthentication no
3. Save the changes to the sshd_config file by pressing CTRL+O and then CTRL+X to exit the text editor.
4. Now head to the Settings app and to the Sharing pane options. Disable and re-enable the Remote Login option.
After completing these steps, password authentication will be disabled for SSH on your macOS system. This means that users will only be able to access the server using a private key that is paired with a public key that has been added to the server’s authorized keys file. This provides an extra layer of security, as it ensures that only users with a valid private key can gain access to the server.
Shell script for the lazy — alternative to manual editing config files
Are you too lazy for manually editing configuration files to disable password authentication for SSH on your macOS system? Let this shell script do the work for you! This pre-crafted script makes it easy to disable password authentication without touching system configuration files.
Remember, also in this case, to disable and re-enable Remote Login from the Settings app.





