linux – 禁用SSH的密码登录与删除所有用户的密码相同吗？

要完成所需的操作,请在sshd中禁用密码身份验证,在sshd_config中使用PasswordAuthentication no.

此设置不会影响存储用户密码的/ etc / shadow的内容.如果另一个应用程序想要通过密码进行身份验证(例如CUPS),这仍然有效.

如果要禁用此功能,则使用上述命令删除用户密码将不起作用.它允许给定用户的无密码登录,这绝对不会增加安全性.

发出passwd -l< user>将完成你的意图.请记住,除了ssh之外的其他应用程序可能会遇到问题,因为他们希望在默认设置中使用密码身份验证(sudo,su,CUPS等)

引自man passwd：

-l,--lock
           Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ′!′ at the beginning of the password).

           Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account,administrators should use usermod
           --expiredate 1 (this set the account's expire date to Jan 2,1970).

           Users with a locked password are not allowed to change their password.