Hello everyone,
We are setting up a server at work, and we have run into something that
I am not sure how to resolve.
We have set up sshd (OpenSSH server) on the machine. We have placed ssh
keys into each user's home directory that needs to access the system
(and they work). We want to disable everyone from logging in, using a
password, utilizing ssh keys only to access the system.
I have modified /etc/ssh/sshd_conf to have these settings:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
I then restarted the ssh daemon (/etc/init.d/sshd restart), but it still
allows the user to login using their password. What am I missing?
Searching google, only turned up the changes that I made above, so I am
unclear what else that I need to do. Any guidance would be greatly
appreciated.
--
Doug
Registered Linux User #285548 (http://counter.li.org)
----------------------------------------
Random Thought:
If all else fails, immortality can always be assured by spectacular error.
-- John Kenneth Galbraith
> > We have set up sshd (OpenSSH server) on the machine. We have placed ssh > keys into each user's home directory that needs to access the system > (and they work). We want to disable everyone from logging in, using a > password, utilizing ssh keys only to access the system. > > I have modified /etc/ssh/sshd_conf to have these settings: > ChallengeResponseAuthentication no > PasswordAuthentication no > UsePAM noThe config file for sshd is "/etc/ssh/sshd_config" You have modified the config file for the ssh client. Just make sure sshd_config has PasswordAuthentication No and restart sshd and you should be fine. Barry
Ski Dawg wrote:> Hello everyone, > > We are setting up a server at work, and we have run into something that > I am not sure how to resolve. > > We have set up sshd (OpenSSH server) on the machine. We have placed ssh > keys into each user's home directory that needs to access the system > (and they work). We want to disable everyone from logging in, using a > password, utilizing ssh keys only to access the system. > > I have modified /etc/ssh/sshd_conf to have these settings: > ChallengeResponseAuthentication no > PasswordAuthentication no > UsePAM no > > I then restarted the ssh daemon (/etc/init.d/sshd restart), but it still > allows the user to login using their password. What am I missing? > > Searching google, only turned up the changes that I made above, so I am > unclear what else that I need to do. Any guidance would be greatly > appreciated. > -- > Doug >I would advice these changes to the "default" sshd_config settings: PermitRootLogin without-password AuthorizedKeysFile /just_a_dir/authorized_keys/%u PasswordAuthentication no UsePAM yes This will give you control of access if at least the /just_a_dir/authorized_keys folder is not writeable for the world (the keys need to readable, not writeable for the user that tries to log on) Theo
Reasonably Related Threads
- [Bug 843] sshd_config.5: add warning to PasswordAuthentication
- Questions about sshd_config man page and comments in the file
- [Bug 1410] New: Correct UsePAM comment in sshd_config on Mac OS X
- Help on pam authentication with Openssh3.7.1p2
- [Bug 1266] incompatibility between s/key and keys Autentification