So I own a QNAP TS-251+, and QNAP is notorious for rewriting the config files for all their services to the default every time the device restarts. I wanted to change the sshd_config file so that I could restrict login via password and only allow RSA key authentication as a means of login. I wrote a little sed command and a restart script in the autorun.sh of the QNAP that I configured (and that works perfectly, since the config file is changed to what I want every time it boots up) to run at the start of the system. The code I used is as shown:
sed -i -e 's/#PermitRootLogin yes/PermitRootLogin no/' -e 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' -e '#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config /etc/init.d/login.sh restart
I'm somehow still able to login with only a password, so I'm wondering if the problem is in the reset of login.sh (there is no /etc/init.d/sshd, since QNAP apparently incorporates it in /etc/init.d/login.sh), or if there's a problem with some setting in the config file. Here's a pastebin to the contents of the config file. Has anyone else perhaps tried this method before? I know it isn't necessary security-wise, but it's more convenient, and I prefer to have RSA authentication, so I might as well make it more secure by disabling the password login.