I'm running Leopard and have set up my machine to be accessed from the internet via SSH, and SSH only. I've secured my SSH connection by only allowing public key authentication and disabling password authentication. I thought I was being pretty safe - until I realized that I could still SFTP in by only using a password! . I talked to a linux friend with a similar setup, yet trying to SFTP in with a password doesn't work. I also compared sshd_config's with his, and even copied it (minor changes to path's for my system). After extensive searching, Googling, and experimentation I can not figure out how to get SFTP to stop accepting passwords.