Preventing password auth attempt during publickey logon

[securitygeneration]

We have a connection with publickey auth, but for despite being configured this way, Cyberduck will always try to connect using password first. Naturally this fails, and then Cyberduck falls back on doing the publickey auth. The problem is that this leads to security alerts on the receiving end (as they monitor closely for potential signs of abnormality/intrusion - of which password auth attempts is one). Can we get Cyberduck to stop trying password auth when explicitly configured for publickey?

Thanks.

[dkocher]

There are two options

1. Make sure the SSH server does not return password authentication type in the allowed list. For OpenSSH this should be the PasswordAuthentication no directive.
2. As documented in Too Many Authentication Failures, set PreferredAuthentications in client configuration file ~/.ssh/config to disable.

   PreferredAuthentications publickey
   

[securitygeneration]

Thanks @dkocher! So Cyberduck is leveraging the underlying system's SSH configuration. Is there any way to insert such ~/.ssh/config options directly into the .duck Bookmark file such that it can be shared without each client having to update its local SSH config file?