[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: disable password authentication with openssh

On Thu, 2005-09-29 at 15:46 -0400, Roberto C. Sanchez wrote:
> On Thu, Sep 29, 2005 at 02:44:58PM -0500, Matthew Lenz wrote:
> > I want my users to only be able to ssh into the system using public key
> > authentication.  I can't seem to locate which option i need to toggle to
> > only allow pubkey auth.
> > 
> In /etc/ssh/sshd_config:
> RSAAuthentication yes
> PubkeyAuthentication yes
> PasswordAuthentication no
> Of course, remember to restart ssh.
> -Roberto

those are the debian sarge openssh defaults you posted and do not
disable logging in using the system password.

here are the debian defaults.  exception is the change I made to the
PermitRootLogin param .. can't remember its default.

IgnoreRhosts yes
KeepAlive yes
KeyRegenerationInterval 3600
LoginGraceTime 600
LogLevel INFO
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin without-password
Port 22
PrintLastLog yes
PrintMotd no
Protocol 2
PubkeyAuthentication yes
RhostsRSAAuthentication no
RSAAuthentication yes
ServerKeyBits 768
StrictModes yes
Subsystem       sftp    /usr/lib/sftp-server
SyslogFacility AUTH
UsePAM yes
UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding no

Reply to: