SSH - identify which users still login using passwords

I have an Ubuntu Linux server allowing password authentication for SSH, and I want to switch it to SSH keys only and disable password login.

Before I disable password login, how can I find out which users are still using passwords, and which have switched to key authentication?

Answer

You can't do that 100% reliably, but there are two strong indications:

• First, the presence of a .ssh/authorized_keys file is a hint the user is at least prepared to use key based login



• Second, in the authentication log file (/var/log/secure on CentOS, /var/log/auth.log on Debian/Ubuntu), the auth method will be logged:

  
  
  
  

  Sep 28 13:44:28 hostname sshd[12084]: Accepted publickey for sven
  

  
  
  

  vs

  
  
  

  Sep 28 13:47:36 hostname sshd[12698]: Accepted password for sven
  

  
  
  

  Scan the log for entries with password mentioned to learn who is still using passwords. This will not work with users seldom logging in of course unless you have very long log retention.