question about PermitRootLogin and challenge response authentication

To: debian-ssh@lists.debian.org
Subject: question about PermitRootLogin and challenge response authentication
From: Christian Guggenberger <christian.guggenberger@physik.uni-regensburg.de>
Date: Wed, 31 Mar 2004 20:45:33 +0200
Message-id: <[🔎] 1080758733.1229.22.camel@bonnie79>
Reply-to: christian.guggenberger@physik.uni-regensburg.de

Hi,

After upgrading some machines to sarge (ssh 3.4 -> 3.8), I ran into some
problems:
is it possible to disable every password authentication style for root,
but not for anybody else, when PAM and ChallengeResponseAuthentication
is activated?
Only ssh2 keys (DSA/RSA) should be allowed.
I considered the following in sshd_config:

...
PermitRootLogin without-password
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
...

Well, this would still allow me to login as root via password, while the
following would block root via password:

...
PermitRootLogin without-password
ChallengeResponseAuthentication no
PasswordAuthentication yes
UsePAM yes
...

Are s/key passwords treated 'like' RSA/DSA keys, and thus root logins
allowed ?

thanks in advance!
 - Christian

Reply to:

Prev by Date: Bug#236306: Bug seems to be related to pam_issue.so
Next by Date: Bug#73611: Need someone in your life
Previous by thread: Bug#236306: Bug seems to be related to pam_issue.so
Next by thread: Bug#73611: Need someone in your life
Index(es):
- Date
- Thread