I want to disable ssh clients from accessing using the password and only allow ssh login using SSH keys. How do I disable password authentication for SSH on Linux operating systems?

First, you need to setup a normal user account. Next, configure SSH keys for login. Once you have SSH Keys configured, you need to disable password login for all users include root. In this guide, shows you how to generate an ssh key and disable password authentication on the Linux or Unix-based system.

For demo purpose I am using a Ubuntu Linux here.

Step 1 – Login to the remote server

Use the ssh command or client such as Putty:
$ ssh [email protected]
$ ssh [email protected]

Step 2 – Create a new user account

Type the following command on Linux based system to create a new user named vivek:
# useradd -m -s /bin/bash vivek
Set the user’s password:
# passwd vivek
Sample outputs:

Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

Add user to sudo (Ubuntu/Debian) or wheel (RHEL/CentOS) supplementary/secondary group:
# usermod -aG sudo vivek
OR for RHEL/CentOS Linux:
# usermod -aG wheel vivek
The above command allows people in group wheel or sudo to run all commands. Verify it:
# su - vivek
$ id vivek
Sample outputs:

uid=1000(vivek) gid=1000(vivek) groups=1000(vivek),27(sudo)

Exit a login shell:
$ logout

Step 3 – Install ssh keys on a remote machine

All command must be executed on local system/desktop/macos/freebsd workstation. Create the key pair:
$ ssh-keygen -t rsa
Install the public key in remote server:
$ ssh-copy-id -i $HOME/.ssh/id_rsa.pub [email protected]
Sample outputs:

/usr/local/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/vivek/.ssh/id_rsa.pub"
/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/local/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh [email protected]'"
and check to make sure that only the key(s) you wanted were added.

Test ssh keybase login:
$ ssh [email protected]
Sample outputs:

Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.8.6-x86_64-linode78 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

[email protected]:~$ 

To run a command as administrator (user “root”), use “sudo {command}”. For example:
$ sudo ls /root/
To gain root shell, enter:
$ sudo -s
See How To Setup SSH Keys on a Linux / Unix System for more information.

Step 4 – Disable root login and password based login

Edit the /etc/ssh/sshd_config file, enter:
$ sudo vi /etc/ssh/sshd_config
Find ChallengeResponseAuthentication and set to no:

ChallengeResponseAuthentication no

Find PasswordAuthentication set to no

PasswordAuthentication no

Find UsePAM and set to no:

UsePAM no

Find PermitRootLogin and set to no:

PermitRootLogin no

Save and close the file. Reload the ssh server:
# /etc/init.d/ssh reload
OR
$ sudo systemctl reload ssh
OR Use the following on RHEL/CentOS Linux
# /etc/init.d/sshd reload

Step 5 – Verification

Try to login as root:
$ ssh [email protected]
Permission denied (publickey).
Try to login with password only:
$ ssh [email protected] -o PubkeyAuthentication=no
Permission denied (publickey).

And there you have it, password authentication for SSH disabled including root user. Your server will now only accept key based login and the root user can not login with password.