LinuxQuestions.org
Old 08-28-2005, 07:21 PM   #1
Kdr Kane
Member
 
Registered: Jan 2005
Distribution: SUSE, LFS
Posts: 357

Rep: Reputation: 30
Quiet sshd using keys


I read the thread pinned at the top of this forum and configured my sshd to only allow connections with a key. I also set sshd for only Protocol 2.

If I try to connect with root, I get the following message:
Permission denied (publickey,keyboard-interactive).

I am not trying to enable root to connect, but I don't want that message to print for any users that have no key in their ~/.ssh/authorized_keys file.

Is that possible? I hope I just missed a setting. Because, as I was reading the thread, I was led to believe that disabling the password authentication would provide no response if a connection was attempted and failed.
 
Old 08-29-2005, 11:58 AM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Out of curiosity, why do you wish to disable this message? Either way, an "attacker" would realize they have been denied access to your machine.
 
Old 08-29-2005, 03:02 PM   #3
Kdr Kane
Member
 
Registered: Jan 2005
Distribution: SUSE, LFS
Posts: 357

Original Poster
Rep: Reputation: 30
Quote:
Because, as I was reading the thread, I was led to believe that disabling the password authentication would provide no response if a connection was attempted and failed.
And thereby provide no affirmative feedback to would-be hackers. This was stated in the thread.
 
Old 08-29-2005, 08:54 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
I don't see that message conveying any useful information. Additionally, I'm not sure what part of the sticky you got that information from, but I don't see the same information. Thirdly, the permission denied message originates from the client, not the server. What kind of behavior do you desire if they do not have a valid key?
Code:
# strings `which sshd` | grep -i "permission denied"
# strings `which ssh` | grep -i "permission denied"
Permission denied, please try again.
Permission denied.
Permission denied (%s).
 
Old 08-30-2005, 07:17 AM   #5
Kdr Kane
Member
 
Registered: Jan 2005
Distribution: SUSE, LFS
Posts: 357

Original Poster
Rep: Reputation: 30
Maybe somebody with a little more experience has an answer.
 
Old 08-30-2005, 09:49 AM   #6
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
I just gave you the answer. The *SERVER* does not generate that message, the client does. I asked what behavior you wanted from the client when users without ssh keys on the server connected to try to help you find a workable solution. I also asked you where you got your initial information that it should be "silent". I've read the thread at the top of this forum, and there's no mention of a silent connection there. If you cannot communicate your problem, do not expect magical answers.
 
Old 08-30-2005, 10:44 AM   #7
Kdr Kane
Member
 
Registered: Jan 2005
Distribution: SUSE, LFS
Posts: 357

Original Poster
Rep: Reputation: 30
This isn't an argument. You're wrong. The server sends a "denied" response.

If the sshd wasn't responding with the denied response, the client continues to try and eventually times out. I've tested it.

I've stated twice that I don't want the server to respond to a client connection without an authorized key.

I've also said that the above stickied thread implies that password authentication was turned off to remove server response with a password prompt. I am asking if this is possible for sshd also.

It's not a difficult question for somebody that has some experience. It's just difficult to find that person without all the distractions.
 
Old 08-30-2005, 11:54 AM   #8
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
The server MUST do some sort of response: you can't make it pretend like it's not there. First off, you get the standard syn/ack sequence from the tcp connection. Then the server is the first thing to send data (its version string). If you are playing security through obscurity, it won't work.

My initial impression was that you did not want a displayed message of permission denied. The displayed message is generated by the client, as I proved above.

You may find this article interesting reading about the event sequence that sets up an SSH connection.

I'm not trying to get into an argument with you, I assure you. I am curious how you "tested" the sshd not replying with the denied response. If what you want is for it not to reply, then why don't you just do it the way you tested it?

I also believe I have plenty of experience using Linux and SSH (about 6 years worth). I am sorry if I have misunderstood your questions, but I am attempting to help you.
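
An added example, not part of any post in this thread: in SSH protocol 2 the server speaks first with an identification string, and a failed authentication reaches the client as SSH_MSG_USERAUTH_FAILURE (RFC 4252, section 5.1), which carries the list of methods that can continue; the OpenSSH client fills that list into its own "Permission denied (%s)." string. The byte strings below are constructed samples, not captured traffic, and the function names are hypothetical.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # message number from RFC 4252, section 5.1


def parse_ident(line: bytes) -> dict:
    """Parse the identification string each side sends first (RFC 4253, 4.2)."""
    text = line.rstrip(b"\r\n").decode("ascii")
    if not text.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    head, _, comment = text.partition(" ")
    _, proto, software = head.split("-", 2)
    return {"proto": proto, "software": software, "comment": comment}


def parse_userauth_failure(payload: bytes) -> tuple[list[str], bool]:
    """Decode: byte 51 | name-list 'can continue' | boolean partial success."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not SSH_MSG_USERAUTH_FAILURE")
    (n,) = struct.unpack(">I", payload[1:5])
    if len(payload) != 5 + n + 1:
        raise ValueError("length field does not match payload size")
    names = payload[5:5 + n].decode("ascii")
    methods = names.split(",") if names else []
    return methods, payload[5 + n] != 0


def client_message(methods: list[str]) -> str:
    """Fill the client's format string (seen in the strings output in post #4)."""
    return "Permission denied (%s)." % ",".join(methods)


# Constructed samples (assumed values, chosen to match the message in post #1).
SAMPLE_IDENT = b"SSH-2.0-OpenSSH_4.1\r\n"
_names = b"publickey,keyboard-interactive"
SAMPLE_FAILURE = bytes([51]) + struct.pack(">I", len(_names)) + _names + b"\x00"

if __name__ == "__main__":
    print(parse_ident(SAMPLE_IDENT))
    methods, partial = parse_userauth_failure(SAMPLE_FAILURE)
    print(client_message(methods), "partial success:", partial)
```

The method list in the parentheses is server data (it reflects which authentication methods sshd has enabled), while the surrounding wording is produced by the client.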
 
  

