Disable password authentication for NETCONF interface


Is there a way to disable password authentication for the NETCONF interface and force the user to authenticate with SSH Keys instead?


You can register an authentication callback where your callback application can deny NETCONF users that use password authentication.
See the confd_lib_dp(3) man page section “AUTHENTICATION CALLBACK” for details.


What about disabling PAM authentication? Would that allow the user to still log in via SSH key or is PAM required for other parts of authentication?

If the user authenticates via PAM only, and you turn off PAM, there is no way to get the SSH key either. The SSH key needs to be associated with a user either by PAM or by local authentication etc.
You can of course remove the password for the Linux user to deny password authentication when the user is authenticated using PAM.