Preventing password auth attempt during publickey logon #17189

securitygeneration · 2025-06-20T10:53:00Z

securitygeneration
Jun 20, 2025

We have a connection with publickey auth, but for despite being configured this way, Cyberduck will always try to connect using password first. Naturally this fails, and then Cyberduck falls back on doing the publickey auth. The problem is that this leads to security alerts on the receiving end (as they monitor closely for potential signs of abnormality/intrusion - of which password auth attempts is one). Can we get Cyberduck to stop trying password auth when explicitly configured for publickey?

Thanks.

dkocher · 2025-06-22T19:10:50Z

dkocher
Jun 22, 2025
Maintainer

There are two options

Make sure the SSH server does not return password authentication type in the allowed list. For OpenSSH this should be the PasswordAuthentication no directive.
As documented in Too Many Authentication Failures, set PreferredAuthentications in client configuration file ~/.ssh/config to disable.
```
PreferredAuthentications publickey
```

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Preventing password auth attempt during publickey logon #17189

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

Uh oh!

Preventing password auth attempt during publickey logon #17189

Uh oh!

securitygeneration Jun 20, 2025

Replies: 1 comment

Uh oh!

Uh oh!

dkocher Jun 22, 2025 Maintainer

securitygeneration
Jun 20, 2025

dkocher
Jun 22, 2025
Maintainer