 |
| Register | FAQ | Members List | Calendar | Links | Search | Today's Posts | Mark Forums Read |
|
||||||||
|
|
|||||||
 |
|
|
Thread Tools | Display Modes |
|
#1
12-03-2005, 11:06 AM
|
SSH struggle continued - different battlefield
Hi,
Still running SSH on a Debian Sarge (kernel 2.6.8-2-386). Port 22 is listening, firewall is open for port 22 on my LAN. I want to use public key authentication exclusively. Public key authentication works fine, but I don't manage to disable "classis" password authentication: the server accepts both. Below my sshd_config file. Any clues ? Thanks. # Package generated configuration file # See the sshd(8) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: #ListenAddress 0.0.0.0 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key #Privilege Separation is turned on for security UsePrivilegeSeparation yes # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 600 PermitRootLogin no StrictModes yes RSAAuthentication no PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes # To enable empty passwords, change to yes (NOT RECOMMENDED) PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Change to yes to enable tunnelled clear text passwords PasswordAuthentication no # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes X11Forwarding no X11DisplayOffset 10 PrintMotd no PrintLastLog yes KeepAlive yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net Subsystem sftp /usr/lib/sftp-server UsePAM yes Dominique Gibon 
|
|
#2
12-03-2005, 05:12 PM
|
|||
|
|||
|
Re: SSH struggle continued - different battlefield
Dominique Gibon wrote:
> ... > RSAAuthentication no RSAAuthentication yes > RhostsRSAAuthentication no > ... > RhostsRSAAuthentication Um...? Probably not the source of this problem, but dump the line where you don't bother to specify a value. > #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no
|
|
#3
12-04-2005, 11:28 PM
|
|||
|
|||
|
Re: SSH struggle continued - different battlefield
Allen Kistler wrote:
> > RSAAuthentication yes > > >> #ChallengeResponseAuthentication yes > > ChallengeResponseAuthentication no Spotless, works like a charm. Many thanks.
|
|
| Tags |
| battlefield, continued, ssh, struggle |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
