Add option to disable password login and allow only public-key authentication

[tylide]

Please add a configuration option to disable password-based login and allow authentication only via public keys.

[gustavosbarreto]

Thanks for the suggestion.

Could you clarify the scope you have in mind? Specifically:

• Should this be a per-namespace setting (disabling password auth for all devices in the namespace), per-device, or per-user?
• Do you expect this to be enforced on the server side (gateway), so the agent never even receives password auth attempts?

This will help us figure out the best approach.

[tylide]

Hi Gustavo, thanks for the quick reply.

I normally only expose SSH to the Internet with public-key authentication, so a global configuration would work for me; however, a scoped approach (per-namespace, per-device, or per-user) also makes sense. I expect this enforcement to be performed at the gateway.

Another option would be for the agent to follow each host’s /etc/ssh/sshd_config settings.