SSH: Allow only certain users to login with password
I got tired of the SSH failed login spam most public servers get. Allowing password login only for the users who really need it is an easy way to reduce login spam and also shrink the server's attack surface somewhat.
Create the specified user group and add users to it:
# groupadd -r password # usermod -G password <user>
# Can't login with a password if not a member of the group "password" PasswordAuthentication no Match group password PasswordAuthentication yes
Also check that there are no other
PasswordAuthentication directives effective in the file. Restart sshd. Test the login before killing existing connections.