sshd: Is PasswordAuthentication disabled on the Production image?

parsenault-intelcom · April 4, 2025, 5:58pm

Hi! I’m trying to verify if the sshd service has PasswordAuthentication disabled on the BalenaOS production image.

Under /etc/ssh, I found 3 sshd_config files: sshd_config sshd_config_development and sshd_config_readonly:

sshd_config and sshd_config_development do not define PasswordAuthentication, so it would default to yes
sshd_config_readonly explicitely disables PasswordAuthentication with PasswordAuthentication no

Questions:

What sshd_config file is used by the sshd service?
Is PasswordAuthentication disabled on the Production image?

I’m using balenaOS 6.5.9 on Raspberry Pi 4 (using 64bit OS)

klutchell · April 11, 2025, 7:11pm

Hey there, welcome to the forums and thanks for the question!

I can confirm that SSH password authentication is disabled on production images.
Passwordless access is enabled for development images unless SSH keys are provided via config.json.

You can read more about the differences between production and development modes here.

I hope this helps!

Topic		Replies	Views
Development images SSH access since v2.88 (?) balenaOS	3	327	May 31, 2022
Issue with SSH Access in Development Mode on Balena Devices balenaOS ssh	1	341	October 27, 2023
host OS, user root, no password?! security issue? balenaOS hostos	8	3341	March 3, 2020
Remove empty password login for root from balenaOS dev image balenaOS	7	565	June 21, 2022
How to disable local ssh on balena OS Product support ssh	6	393	August 30, 2022

sshd: Is PasswordAuthentication disabled on the Production image?

Related topics