I have a headless debian linux machine running the ThinLinc server which I only access via the macOS client using PubkeyAuthentication.
In my host’s sshd_config file, I have set PasswordAuthentication to no but the ThinLinc web client still allows access to the linux machine using direct PasswordAuthentication.
How do i disable PasswordAuthentication for ThinLinc Web Access?
Hello @navtoj, and welcome to the ThinLinc community!
ThinLinc Webaccess does not use sshd for authentication, so any settings made to sshd_config won’t affect Webaccess.
You would need to configure PAM to change authentication settings for ThinLinc Webaccess.
In /etc/pam.d/ you’ll find a that thinlinc is a symlinc to sshd pam configuration. To make modifications (without disrupting the sshd PAM config), simply remove thinlinc symlinc and copy sshd to thinlinc and make modifications to this file.
This is a bit out of scope for what type of support we can provide and have knowledge of. But keep in mind that Password authentication and One Time password are the only supported types of authentications for webbaccess:
https://www.cendio.com/what/features
Pubkey auth won’t work in Webaccess.
Kind regards,
Martin
In that case, is there a way to disable web access and only allow access through the macOS client?
Yes, of course! 
$ sudo systemctl stop tlwebaccess
$ sudo systemctl disable tlwebaccess
Best regards,
Martin