question about PermitRootLogin and challenge response authentication
Hi,
After upgrading some machines to sarge (ssh 3.4 -> 3.8), I ran into some
problems:
is it possible to disable every password authentication style for root,
but not for anybody else, when PAM and ChallengeResponseAuthentication
is activated?
Only ssh2 keys (DSA/RSA) should be allowed.
I considered the following in sshd_config:
...
PermitRootLogin without-password
ChallengeResponseAuthentication yes
PasswordAuthentication no
UsePAM yes
...
Well, this would still allow me to login as root via password, while the
following would block root via password:
...
PermitRootLogin without-password
ChallengeResponseAuthentication no
PasswordAuthentication yes
UsePAM yes
...
Are s/key passwords treated 'like' RSA/DSA keys, and thus root logins
allowed ?
thanks in advance!
- Christian
Reply to: