
Re: Configuring ssh



On Mon, Nov 06, 2000 at 12:08:17PM +0300, Alan KF LAU wrote:
> My major concern is that if you enabled password authentication you'd
> leave your system vulnerable to brute force password attacks as in
> TELNET.
> 
> Besides, if one could use password authentication, why would one bother
> to take all the trouble of setting up an RSA connection? :)
> 
> I did ask a question here, whether I could let one group of users use
> password authentication (for casual users with limited access) and the
> other group of users use RSA (for admin users who have higher
> privileges).
> 
> Seems like it's not possible, according to expert opinions here, for
> the current ssh release.
> 
> I might be wrong, please advise if it's possible. I wish to know! :)

it is possible, but only as a result of ssh's halfway pam support that
this works:

add 

auth       required     pam_listfile.so item=user sense=deny \
	file=/etc/ssh/ssh_rsa_only onerr=succeed

to /etc/pam.d/ssh

and add RSA only usernames to /etc/ssh/ssh_rsa_only

the only reason this works is because ssh ignores (or doesn't run?)
all pam auth modules when doing RSA authentication.  this is not
tested on OpenSSH 2.0, only OpenSSH 1.2*

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
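
Added example (not part of the original message): a simplified Python model of how the pam_listfile line above decides a password login, including the case where the list file cannot be read and onerr=succeed lets the login through. The copy of /etc/pam.d/ssh, the pam_unix.so line and the usernames are constructed; the model assumes one exact username per line and covers only the password path, not sshd's RSA handling.

```python
import shlex

# Constructed copy of /etc/pam.d/ssh; the first entry is the line from the message,
# the pam_unix.so line is an assumed stand-in for the rest of the stack.
PAM_SSH = """\
auth       required     pam_listfile.so item=user sense=deny \\
\tfile=/etc/ssh/ssh_rsa_only onerr=succeed
auth       required     pam_unix.so
"""


def listfile_rules(pam_text):
    """Return the options of every 'auth' pam_listfile entry as a dict."""
    joined = pam_text.replace("\\\n", " ")  # join backslash line continuations
    rules = []
    for line in joined.splitlines():
        fields = shlex.split(line, comments=True)
        if (len(fields) >= 3 and fields[0] == "auth"
                and fields[2].endswith("pam_listfile.so")):
            rules.append(dict(f.split("=", 1) for f in fields[3:] if "=" in f))
    return rules


def password_login_allowed(user, rule, list_text):
    """Simplified model of pam_listfile with item=user.

    list_text is the content of the list file, or None if it cannot be read.
    Returns True when the module would let password authentication continue.
    """
    if list_text is None:
        # Error path: the outcome is decided by onerr, not by sense.
        return rule.get("onerr", "fail") == "succeed"
    names = {l.strip() for l in list_text.splitlines() if l.strip()}
    listed = user in names
    return listed if rule.get("sense") == "allow" else not listed


if __name__ == "__main__":
    rule = listfile_rules(PAM_SSH)[0]
    rsa_only = "admin1\nadmin2\n"  # constructed content of /etc/ssh/ssh_rsa_only
    for user, content in [("admin1", rsa_only), ("guest", rsa_only), ("admin1", None)]:
        state = "missing" if content is None else "present"
        print(user, "list file", state, "->",
              "password allowed" if password_login_allowed(user, rule, content)
              else "password denied")
```

With onerr=succeed, a missing or unreadable /etc/ssh/ssh_rsa_only means the listed admin accounts can log in with a password again, so the file's presence and permissions are worth monitoring.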
