The manpage for usermod says this about locking a user's account:
-L, --lock
Lock a user's password. This puts a '!' in front of the encrypted password, effectively disabling the password. You can't use this option with -p or -U.
I have tried to use this to have a user only log in with the public key, but when I lock the account I get a password prompt. When I unlock the account again the public key works.
Edited to make it clear: I want to be able to log in using the key still, and somehow locking the user gives me a password prompt when trying to use the key.
As the man page says, this effectively locks the password - as in, it makes it impossible to use the existing password on this account.
It does not disable password-based login - you need to set the correct sshd(8) options for that.
I assume you mean "remotely login via ssh", since I don't know how a public key would be used locally.
Locking your password with usermod actually locks your whole account, as you noticed. (The system sees the ! added in front of the password as a sign to not allow you to log in.)
If you break your password hash by putting e.g. * in front of it, you can still log in with a public key.
Really, you want to have a password for possible console logins etc. but disable password logins from ssh.
/etc/ssh/sshd_config:
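The difference the answer above draws between a ! prefix and a * prefix on the password field can be checked per account. The script below is an added example, not part of any answer on this page; the function names and the sample shadow(5) lines are constructed for illustration, and the hashes are placeholders.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5)-format entries.
# All names and sample lines here are constructed; hashes are placeholders.

# classify_field FIELD -> prints one word describing the password field
classify_field() {
    case "$1" in
        '')   echo empty ;;          # no password set at all
        '!'*) echo bang-locked ;;    # the marker usermod -L puts in front
        '*'*) echo star-prefixed ;;  # hash broken with '*', no '!' marker
        *)    echo hash ;;           # ordinary usable password hash
    esac
}

# audit_shadow: read shadow(5)-format lines on stdin, print "user state"
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# Constructed sample input (quoted heredoc so '$' is kept literally)
sample_shadow() {
cat <<'EOF'
alice:$6$SALT$HASHPLACEHOLDER:19000:0:99999:7:::
bob:!$6$SALT$HASHPLACEHOLDER:19000:0:99999:7:::
carol:*$6$SALT$HASHPLACEHOLDER:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# On a real host, as root: audit_shadow < /etc/shadow
sample_shadow | audit_shadow
```

Accounts reported as bang-locked are the ones in the state the question describes; star-prefixed accounts have an unusable password without the ! marker.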