sshd: Is PasswordAuthentication disabled on the Production image?

Hi! I’m trying to verify if the sshd service has PasswordAuthentication disabled on the BalenaOS production image.

Under /etc/ssh, I found 3 sshd_config files: sshd_config sshd_config_development and sshd_config_readonly:

  • sshd_config and sshd_config_development do not define PasswordAuthentication, so it would default to yes
  • sshd_config_readonly explicitely disables PasswordAuthentication with PasswordAuthentication no

Questions:

  • What sshd_config file is used by the sshd service?
  • Is PasswordAuthentication disabled on the Production image?

I’m using balenaOS 6.5.9 on Raspberry Pi 4 (using 64bit OS)

Hey there, welcome to the forums and thanks for the question!

I can confirm that SSH password authentication is disabled on production images.
Passwordless access is enabled for development images unless SSH keys are provided via config.json.

You can read more about the differences between production and development modes here.

I hope this helps!