Re: Password auth turned off in OpenSSH

• Previous message: olivier_at_singla.us: "cross-compilation failing"
• In reply to: Daniel Prevett: "Re: Password auth turned off in OpenSSH"
• Next in thread: Darren Tucker: "Re: Password auth turned off in OpenSSH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: secureshell@securityfocus.com, Daniel Prevett <Daniel.Prevett@vandyke.com>
Date: 12 Oct 2004 01:12:24 -0400

On Mon, 2004-10-11 at 15:59, Daniel Prevett wrote:
> Look for an option in the sshd_config file that looks like this:
>
> # Set this to 'yes' to enable PAM keyboard-interactive authentication
> # Warning: enabling this may bypass the setting of 'PasswordAuthentication'
> PAMAuthenticationViaKbdInt yes
>
> If it's set to yes, that's likely what is happening. Setting that
> option to no should force the users to have to use public key provided
> that PasswordAuthentication is also set to no.

I remember reading the discussion of that option in the documentation as
I was researching the problem. However, my config file has that turned
off as well, that is, it is set to 'no'.

Actually, to be more specific, I used to have PasswordAuthentication
turned on. When I noticed the attempted logins recently, I turned it
off. The timestamp on my config file is September 28th, and I
specifically remember sending it a SIGHUP after I made the modification
and ps shows it having been started on September 28th.
PAMAuthenticationViaKbdInt has always been turned off. My log files show
the password attacks as recently as October 4th, when I closed that port
in my firewall pending resolution of this problem.

-- 
C. Linus Hicks <lhicks@nc.rr.com>

• Previous message: olivier_at_singla.us: "cross-compilation failing"
• In reply to: Daniel Prevett: "Re: Password auth turned off in OpenSSH"
• Next in thread: Darren Tucker: "Re: Password auth turned off in OpenSSH"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]