nate <debian-user@aphroland.org> [2002-08-15 14:41:18 -0700]:
> on my more sensitive systems I do not permit password
> logins(RSA key only). This of course is set via the
> PasswordAuthentication no directive in sshd_config.
>
> When I ssh in with version 2(-2) option, since I do not have
> a DSA key on this particular host it skips the key based
> authentication and prompts me for the password! which, if
> I type in the right one it logs me in! this is not the
> way I want it to work. I have already tested forcing
> SSH to use version 1 only on a few systems and it works,
> but I would like to have version 2 available so I can
> migrate to it easier when the time comes.

I do the same thing here. "PasswordAuthentication no" is enough on my
systems to prevent password capability in either protocol 1 or
protocol 2 mode.

I am setting this on the command line in my particular and unique
installation. Perhaps that is important? I am stacking an additional
daemon onto another port with this as an incremental difference.
Therefore I did not change the configuration file, I just created
another additional /etc/init.d/sshd.rsaonly rc file and added this as
command line args. But you can test it manually on the command line
too.

  sshd -p 2200 -o 'PasswordAuthentication no' -o 'PidFile /var/run/sshd.rsaonly.pid'

Then try it.

  ssh -2 -p 2200 localhost

> Is there any way to prevent password logins when using
> SSH2 on openssh as included with woody?

Works fine for me. Running the latest ssh-3.4p1-0.0woody1.

Bob
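The manual test in the message can be turned into a repeatable check. The script below is an added example, not part of the original message: it reads the OpenSSH client's "Permission denied (...)" line and reports whether the server still offers password authentication. The function names and the sample line are constructed for illustration, and `probe_sshd` assumes an OpenSSH client that accepts the `PreferredAuthentications` and `BatchMode` options.

```shell
#!/bin/sh
# Added example: check which authentication methods an sshd still offers.

# Constructed sample of ssh client output (not captured from a real host).
SAMPLE_DENIAL='user@localhost: Permission denied (publickey,password).'

# Read ssh client output on stdin and print the comma-separated method
# list from the first "Permission denied (...)" line; print nothing if
# no such line is present (for example, when the connection was refused).
offered_methods() {
    sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | head -n 1
}

# method_offered LIST METHOD: succeed when METHOD is one of the entries
# in the comma-separated LIST. Matches whole entries only.
method_offered() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# probe_sshd HOST PORT: hypothetical helper for a live daemon. Asking
# for no authentication method makes the server answer with the methods
# it would accept; BatchMode stops the client from prompting.
probe_sshd() {
    ssh -2 -p "$2" -o BatchMode=yes -o PreferredAuthentications=none \
        "$1" true 2>&1 | offered_methods
}

# Demonstration on the constructed sample line.
methods=$(printf '%s\n' "$SAMPLE_DENIAL" | offered_methods)
if method_offered "$methods" password; then
    echo "password authentication is still offered: $methods"
else
    echo "password authentication is not offered: $methods"
fi
```

Against the test daemon from the message, `probe_sshd localhost 2200` prints the method list that server actually advertises.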