We've recently set up a new Linux box which is on the same local network as the rest of our machines. We want to allow only the machines on the local network to be able to SSH into the new machine, and I was going to do this by creating ssh keys and disabling password authentication.
What I've done is run ssh-keygen -t rsa -b 4096 on the new machine, copy the contents of the public key and put this in the ~/.ssh/authorized_keys file on one of the machines previously set up.
I've then gone into /etc/ssh/sshd_config on the new machine and have this:
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Those are the only changes I made to this file, and when I try to SSH from the old machine, I get "Permission denied(publickey,gssapi-keyex,gssapi-with-mic)"
If I enable PasswordAuthentication and try to ssh I can log in by entering the user's password, but that's not the goal.
Thanks in advance, Daniel
If the user you are trying to log in as is
root, the directiveis denying access, regardless the authentication method. To allow root to log in using keys only, you should set this directive to
prohibit-password