Just for clarity, I just ran into this (pretty old !) issue and found the culprit. Even though you can configure PermitEmptyPasswords in the sshd_config file, pam will not allow any passwordless authentication from a non secure tty (from /etc/securetty). "ssh" is per definition a non-secure tty. Hence no matter what you put in your sshd_config file, password less authentication via ssh is not possible unless you either - replace "nullok_secure" with "nullok" in /etc/pam.d/common-auth, or - add "ssh" to /etc/securetty. What was the point of the nullok_secure at the first place ? Having a second "line-of-defense" against configurations like mine who wish passwordless (keyless) ssh access ? Regards, Ben. PS: Just for the record, I don't allow world-access to my system, I have the following in my configuration: Match User omp PermitEmptyPasswords yes ForceCommand /usr/bin/socat UNIX-CONNECT:/path/to/the/socket.sock -
Attachment:
pgpaeUbu_g1yw.pgp
Description: OpenPGP digital signature