On different machines on AWS/EC2, I keep having sshd rules being changed after rebooting machines.
Original rule:
Match Group sftpusers
ChrootDirectory /data/sftp/%u
ForceCommand internal-sftp
PasswordAuthentication yes
Modified rule after reboot:
Match Group sftpusers
ChrootDirectory /data/sftp/%u
ForceCommand internal-sftp
PasswordAuthentication no
So basically, the users of this group cannot authenticate for SFTP connections, which is really annoying.
Note: PasswordAuthentication is set to No by default. I only allow it for this group of users.
Any idea?
Check whether you have /etc/cloud/cloud.cfg or a similar file. I am not sure what it is called in CentOS. Look for the ssh_pwauth parameter.
If it is set to 0, it means password authentication will be disabled (through sshd_config). Set it to 1 and try.
If you are using the Amazon Linux ECS-optimized AMI, then you need to change /etc/cloud/cloud.cfg.d/00_defaults.cfg to ssh_pwauth: true.
By default it is ssh_pwauth: false, which makes PasswordAuthentication no after every reboot.
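A read-only check for the situation both answers describe, as an added example that is not part of the original answers: it reports the effective ssh_pwauth value across the cloud-init files and flags any sshd_config context that still says PasswordAuthentication yes while cloud-init is set to disable it. The function names, the optional root-directory argument and the sample tree are assumptions for illustration; the example also assumes that cloud.cfg.d files override cloud.cfg and does not look at user-data.

```bash
# Added example (not from the thread): find where cloud-init and sshd_config disagree.

# Last ssh_pwauth value seen, reading cloud.cfg and then cloud.cfg.d/*.cfg in
# lexical order (assumption: later files win). Prints "unset" if none is found.
effective_ssh_pwauth() {
  local root="${1:-}" f v val="unset"
  for f in "$root/etc/cloud/cloud.cfg" "$root"/etc/cloud/cloud.cfg.d/*.cfg; do
    [ -f "$f" ] || continue
    v=$(sed -n 's/^[[:space:]]*ssh_pwauth:[[:space:]]*\([^#[:space:]]*\).*/\1/p' "$f" |
        tr -d "\"'" | tail -n 1)
    if [ -n "$v" ]; then val="$v"; fi
  done
  printf '%s\n' "$val"
}

# "context<TAB>value" for every active PasswordAuthentication line; context is
# "global" or the Match line the directive sits under.
password_auth_lines() {
  awk '{ sub(/^[ \t]+/, "") }
       tolower($1) == "match" { ctx = $0; next }
       tolower($1) == "passwordauthentication" {
         printf "%s\t%s\n", (ctx == "" ? "global" : ctx), tolower($2) }' \
    "${1:-}/etc/ssh/sshd_config"
}

# Exit 0 and name the affected contexts when cloud-init is configured to turn
# password auth off while sshd_config still contains "PasswordAuthentication yes".
pwauth_conflict() {
  local root="${1:-}" hits
  case "$(effective_ssh_pwauth "$root" | tr 'A-Z' 'a-z')" in
    false|0|no|off) ;;
    *) return 1 ;;
  esac
  hits=$(password_auth_lines "$root" | awk -F'\t' '$2 == "yes" { print $1 }')
  [ -n "$hits" ] || return 1
  printf 'ssh_pwauth disables passwords, but sshd_config allows them in: %s\n' "$hits"
}

# Constructed sample tree mirroring the question: Match block says yes, cloud-init says false.
make_sample_root() {
  local r; r=$(mktemp -d)
  mkdir -p "$r/etc/cloud/cloud.cfg.d" "$r/etc/ssh"
  printf 'ssh_pwauth: 1\n' > "$r/etc/cloud/cloud.cfg"
  printf 'ssh_pwauth: false\n' > "$r/etc/cloud/cloud.cfg.d/00_defaults.cfg"
  printf '%s\n' 'PasswordAuthentication no' 'Match Group sftpusers' \
    '  ChrootDirectory /data/sftp/%u' '  ForceCommand internal-sftp' \
    '  PasswordAuthentication yes' > "$r/etc/ssh/sshd_config"
  printf '%s\n' "$r"
}
```

Calling `pwauth_conflict` with no argument inspects the live /etc; passing the directory printed by `make_sample_root` runs it against the constructed files instead.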