Hello Rulon, can you please double-check where your openssh-server
package came from? I don't have this "PasswordAuthentication yes" in any
of my 20.04 systems, and a very quick look at the current package
doesn't show this:

$ apt-get download openssh-server
Get:1 http://wopr.domain/ubuntu focal-updates/main amd64 openssh-server amd64 1:8.2p1-4ubuntu0.1 [377 kB]
Fetched 377 kB in 0s (1,097 kB/s)
$ mkdir openssh-server
$ cd openssh-server
$ ar x ../openssh-server_1%3a8.2p1-4ubuntu0.1_amd64.deb 
$ tar xf control.tar.xz 
$ tar xf data.tar.xz 
$ grep -r "PasswordAuthentication yes"
usr/share/openssh/sshd_config:#PasswordAuthentication yes

Of the versions of openssh that are on my local archive mirror, none of
the sshd_config files had this line uncommented:

$ rg "PasswordAuthentication yes" -g '**/sshd_config'
openssh_5.9p1-5ubuntu1.10/sshd_config
64:#PasswordAuthentication yes

openssh_7.2p2-4ubuntu2.9/sshd_config
72:#PasswordAuthentication yes

openssh_7.2p2-4ubuntu2.10/sshd_config
72:#PasswordAuthentication yes

openssh_6.6p1-2ubuntu1/sshd_config
73:#PasswordAuthentication yes

openssh_5.9p1-5ubuntu1/sshd_config
64:#PasswordAuthentication yes

openssh_8.0p1-4/sshd_config
56:#PasswordAuthentication yes

openssh_8.0p1-6ubuntu0.1/sshd_config
56:#PasswordAuthentication yes

openssh_6.6p1-2ubuntu2.13/sshd_config
73:#PasswordAuthentication yes

openssh_7.7p1-4ubuntu0.3/sshd_config
56:#PasswordAuthentication yes

openssh_7.7p1-4/sshd_config
56:#PasswordAuthentication yes

openssh_8.2p1-4ubuntu0.1/sshd_config
58:#PasswordAuthentication yes

openssh_7.6p1-4ubuntu0.3/sshd_config
56:#PasswordAuthentication yes

openssh_7.6p1-4/sshd_config
56:#PasswordAuthentication yes

openssh_7.2p2-4ubuntu2.8/sshd_config
72:#PasswordAuthentication yes

openssh_8.3p1-1/sshd_config
58:#PasswordAuthentication yes

openssh_8.1p1-5/sshd_config
56:#PasswordAuthentication yes

openssh_7.6p1-4ubuntu0.4/sshd_config
56:#PasswordAuthentication yes

openssh_7.9p1-10/sshd_config
56:#PasswordAuthentication yes

openssh_7.2p2-4/sshd_config
72:#PasswordAuthentication yes

openssh_8.0p1-4build1/sshd_config
56:#PasswordAuthentication yes

openssh_8.0p1-6build1/sshd_config
56:#PasswordAuthentication yes

openssh_8.2p1-4ubuntu1/sshd_config
58:#PasswordAuthentication yes

openssh_8.1p1-1/sshd_config
56:#PasswordAuthentication yes

openssh_8.2p1-4/sshd_config
58:#PasswordAuthentication yes


How was this system installed? Was it customized by an ISP or cloud provider? 
Were any programs installed outside of the Ubuntu Archive that might have such 
a configuration change as part of an install script?

Thanks

** Changed in: openssh (Ubuntu)
       Status: New => Incomplete

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1887016

Title:
  Openssh default config has two PasswordAuthentication params

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1887016/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
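
The grep in the message above matches commented lines too. The following is an added example, not part of the original message or of the openssh package: it lists only the active occurrences of a directive and the value sshd would use, since sshd takes the first value it obtains for a keyword. The function names and the sample file are constructed for illustration. It assumes a single file, reads only the global section (it stops at the first Match block), and does not follow Include.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config for repeated active directives.
# Scope (assumption): global section only; stops at the first Match block
# and does not follow Include files.

# Print "LINE:VALUE" for each uncommented occurrence of keyword $2 in file $1.
active_directives() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }      # blank or commented-out
        { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # conditional overrides start here
        key == kw { print NR ":" f[2] }
    ' "$1"
}

# sshd uses the first value it obtains for a keyword; later ones are ignored.
effective_value() {
    active_directives "$1" "$2" | head -n 1 | cut -d: -f2
}

# Succeeds (exit 0) when the keyword is active more than once with differing values.
has_conflict() {
    active_directives "$1" "$2" | cut -d: -f2 | sort -u |
        awk 'END { exit !(NR > 1) }'
}

# Constructed sample: shipped commented default plus two active settings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PermitRootLogin prohibit-password
PasswordAuthentication no
UsePAM yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF

active_directives "$sample" PasswordAuthentication
echo "effective: $(effective_value "$sample" PasswordAuthentication)"
has_conflict "$sample" PasswordAuthentication && echo "conflicting duplicates"
```

On an installed system, `sshd -T` prints the configuration sshd actually resolves, which also covers Include files and is the authoritative check.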
