PasswordAuthentication no doesn't work
From: Lasse J. Kolb (Lasse@bsn.ch)
Date: 01/13/03
From: Lasse J. Kolb <Lasse@bsn.ch> Date: Mon, 13 Jan 2003 22:26:33 +0100
Hello!
I want to allow other users from the internet to log into my computer.
BUT:
The following things should be required:
1. Only clients with the SSH-2 protocol should be allowed to log in,
no matter whether they are using a "real" SSH2 client or OpenSSH with
Protocol 2 enabled. Anyway, the SSH-1 protocol should not be
allowed at all!
2. Public-key authentication (for example DSA) is required.
Passwords alone (without any private key) should not be allowed at all.
The problem is that "PasswordAuthentication no"
simply does not work! I can log in from my local network without any
key file. Just with a password. Why is that? That should not be
allowed!
My other question is: When someone uses an SSH2 client (not OpenSSH),
must I add "AllowedAuthentications publickey" to the config file?
I'm reading something like that in the book "SSH - the definitive
guide", Page 168, bottom.
I'm using Debian/stable (potato),
OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL
0x0090603f
Below, there is my current sshd-file, which does not work as it should
:-(
Regards,
Lasse
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# This is ssh server systemwide configuration file.
Port 22
ListenAddress 0.0.0.0
#ListenAddress ::
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
Protocol 2
RSAAuthentication no
DSAAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
# Location for DSA host key (Protocol 2)
HostDSAKey /etc/ssh/ssh_host_dsa_key
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging
RhostsAuthentication no
#
# For this to work you will also need host keys in
# /etc/ssh_known_hosts
RhostsRSAAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
UseLogin no
# since these are likely to be being handled by PAM, switch them off
# here
PrintMotd no
PrintLastLog no
CheckMail no
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-- http://www.bsn.ch/Lasse PGP: 0xBCF7BF1B (DSS/D-H) · 0x4A1802C9 (RSA)
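
An added example, not part of the original post: a small audit of an sshd_config text against the two requirements stated above (protocol 2 only, no password logins). Besides the two keywords from the post it also checks ChallengeResponseAuthentication and PAMAuthenticationViaKbdInt, which are real keywords in OpenSSH 3.x-era releases; that they are relevant to this particular host is an assumption, not something the post establishes.

```python
import re

# Keywords that must be explicitly set to these values (lower-cased).
# The first two come from the post; the last two are OpenSSH 3.x keywords that
# govern password-style prompts outside PasswordAuthentication (assumption:
# their relevance to the posted problem is not confirmed by the post).
REQUIRED = {
    "protocol": "2",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "no",
    "pamauthenticationviakbdint": "no",
}

def effective_settings(config_text):
    """Return {keyword: value}; sshd keeps the first value it reads per keyword."""
    settings = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments set nothing
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)  # keywords are case-insensitive
    return settings

def audit(config_text):
    """Return a sorted list of (keyword, finding) for every unmet requirement."""
    settings = effective_settings(config_text)
    findings = []
    for key, wanted in REQUIRED.items():
        got = settings.get(key)
        if got is None:
            findings.append((key, "not set, compiled-in default applies"))
        elif got.lower() != wanted:
            findings.append((key, f"set to {got!r}, expected {wanted!r}"))
    return sorted(findings)

# Constructed sample: the authentication-related lines of the posted file.
SAMPLE = """\
Protocol 2
RSAAuthentication no
DSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
#SkeyAuthentication no
"""

if __name__ == "__main__":
    for key, finding in audit(SAMPLE):
        print(f"{key}: {finding}")
```

A keyword reported as "not set" is not necessarily enabled; it means the running sshd decides, so the value has to be checked against that binary's documentation.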