SSH - identify which users still login using passwords

Solution 1:

You can't do that 100% reliably, but there are two strong indications:

  • First, the presence of a .ssh/authorized_keys file is a hint the user is at least prepared to use key based login
  • Second, in the authentication log file (/var/log/secure on CentOS, /var/log/auth.log on Debian/Ubuntu), the auth method will be logged:

    Sep 28 13:44:28 hostname sshd[12084]: Accepted publickey for sven
    

    vs

    Sep 28 13:47:36 hostname sshd[12698]: Accepted password for sven
    

    Scan the log for entries with password mentioned to learn who is still using passwords. This will not work with users seldom logging in of course unless you have very long log retention.

Solution 2:

Fastest way is to disable it and see who knocks on your office door ;p

Tags:

Ssh