How would you ensure a non-root user can log in via SSH using key-based authentication, and disable password authentication?

Enabling login for a non-root user with SSH key-based authentication while disabling password access requires two things: the server must accept public key logins, and the user must have a public key in their authorized_keys. Place the user’s public key in their ~/.ssh/authorized_keys (ensuring the directory and file have secure permissions). Then configure the SSH server to allow keys and to reject passwords by setting PubkeyAuthentication to yes and PasswordAuthentication to no in /etc/ssh/sshd_config, and restart the sshd service. This setup ensures the user can authenticate using their private key, and password-based login is blocked. The other options fail because they either disable key-based authentication, enable password login, or target the wrong user (root) rather than the intended non-root user.