similar to: Selective blocking of password authentication

Hello all, I write a decision-support column for a computing magazine, Intelligent Enterprise. In my next column, I'll be revisiting a topic I wrote on 3 years ago, open-source analytical software. R is perhaps the most successful open-source analytical package. I'd like to hear from users, especially those who chose R for some other reason than that it's free, about what

Hi, I'm trying to use pam_listfile.so to deny logins from all others but few users (names in /etc/loginusers). With password authentication it works fine, but with public key authentication OpenSSH lets in users whose names arent't in /etc/loginusers. AllowUsers in sshd_config does what one would expect. I'm using OpenSSH-3.0.2p1 on Debian testing (package version 1:3.0.2p1-6)

It works for the "yes" case but not for the "without-password" case. The function that checks (auth_root_allowed(auth_method) is special cased for "password". The Pam case sends "keyboard-interactive/pam" which like all other authentication methods except password succeeds. Here is a patch to make it work for me. Please feel free to criticize as

/etc/login.access does not work 100% over ssh. I have the following line in login.access -:ray:ALL EXCEPT LOCAL Which I believe means the user 'ray' can not login from anywhere unless it is a local login. So, I tested it over ssh from a remote box tigger@piglet:~% ssh ray@sonic.cbnmediaX.com.au Password: Password: Password: ray@sonic.cbnmediaX.com.au's password: Last login: Sat

Hello everyone, We are setting up a server at work, and we have run into something that I am not sure how to resolve. We have set up sshd (OpenSSH server) on the machine. We have placed ssh keys into each user's home directory that needs to access the system (and they work). We want to disable everyone from logging in, using a password, utilizing ssh keys only to access the system. I have

I have installed cento 5.3. I enabled the ssh deamon. I have found that 2 options that I normally use does respond as I expect. Has anyone else had similar problems with the following options in sshd_config: - Port 6666 - if I set the port to anything other than 22 (default), using ssh -p6666 name at servername, does not work. Yet if I leave keep the default, then ssh name at servername

Hello, There has been an annoyance with OpenSSH that has been bugging me lately. It pays no attention to pw_change and pw_expire fields from the passwd file for users by default. Thus even if the admin has set a user's account to expire 5 days ago they can still login. So one might say, just add 'UseLogin yes' and all of your problems will be solved. This of course is not a good

http://bugzilla.mindrot.org/show_bug.cgi?id=667 Summary: Openssh 3.7x, Windows ssh clients and Ldap don't play together Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: critical Priority: P2 Component: PAM support AssignedTo:

Hi , I have two problems when i went through a) the man page of sshd_config and b) the comments quoted in sshd_config file itself. They are given below. a) >From the man page of sshd_config: "If UsePAM is enabled, you will not be able to run sshd(8) as a non-privileged user." I changed the permission of the hostkeys to a non-privileged user and tried to run sshd alongwith

http://bugzilla.mindrot.org/show_bug.cgi?id=843 Summary: sshd_config.5: add warning to PasswordAuthentication Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: openssh-bugs at mindrot.org

Hi. I wonder if it would be possible to implement support for a user-specific sshd_config. The primary reason is that I would like the ability to specify that I'm only allowed to login with a key pair, even though the system-wide sshd configuration still allows passwords for other users. Of course, a user-specific sshd_config file should not be able to break the security policy of the

https://bugzilla.mindrot.org/show_bug.cgi?id=3736 Bug ID: 3736 Summary: sshd falls back to password prompt after PAM module returns a PAM_MAXTRIES. Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5

Hi, I have an auth module for PAM that I wrote a few years ago called pam_vsd.so. The idea is that a user must have a certain privilege before they can successfully authenticate. Without the privilege the PAM module will return PAM_PERM_DENIED. However I find that in OpenSSH 3.7.1p2, I can easily subvert this check simply by hitting return 3 times on connection i.e. [nick at localhost

https://bugzilla.mindrot.org/show_bug.cgi?id=1474 Summary: Password authentication should be configurable per-user Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd

Hello, We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work. Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be

http://bugzilla.mindrot.org/show_bug.cgi?id=1266 Summary: incompatibility between s/key and keys Autentification Product: Portable OpenSSH Version: 4.4p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=774 Summary: banner is displaying twice (/etc/issue) Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hello list, on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each user's public key is located in <user's home>/.ssh/authorized_keys. When trying to ssh into that machine, following error message is displayed: Permission denied (publickey). In /etc/ssh/sshd_config I've set: PasswordAuthentication no UsePAM no If I set a password for the users, the

Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct

On 28/08/15 11:48, Volker Lendecke wrote: > On Thu, Aug 27, 2015 at 08:17:15AM +0200, L.P.H. van Belle wrote: >> This was a test on debian Jessie with sernet samba 4.2.3. >> and the test was, "login" with a AD user on ssh. >> this worked, fine, but this i noticed later. > Currently recompiling with the attached patch. I haven't > tested it yet, but I am