Configure sshd to not accept password login on Silverblue

Normally, I’d just edit the sshd_config and call it a day.

However, I presume that won’t stick since I’m on Silverblue.

How do I make an edit to something like sshd_config so that it will persist as things get upgraded?


The admin should be able to alter files under /etc. Thus changes to sshd_config should remain, though the preferred action on most systems would be to put a special config file under /etc/ssh/sshd_config.d/ with the commands you wish to alter. Those files should never be altered by system updates.

On my system the sshd_config file contains a line that reads
Include /etc/ssh/sshd_config.d/*.conf
which ensures all *.conf files in that directory are processed.

The sshd_config file contains text that tells the user how this should be done.

1 Like

Changes made to /etc will persist on upgrade when using Silverblue; you can edit config files in that directory normally.


Good to know.

Side note: Did I mark that as a solution? I was going to set the “Solution” box but noticed it was already set for me?


I marked the previous answer as the solution.

No problem. Thanks for doing that. It just caught me off guard.