Ski Dawg wrote:
Hello everyone,
We are setting up a server at work, and we have run into something that
I am not sure how to resolve.
We have set up sshd (OpenSSH server) on the machine. We have placed ssh
keys into each user's home directory that needs to access the system
(and they work). We want to disable everyone from logging in, using a
password, utilizing ssh keys only to access the system.
I have modified /etc/ssh/sshd_conf to have these settings:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
I then restarted the ssh daemon (/etc/init.d/sshd restart), but it still
allows the user to login using their password. What am I missing?
Searching google, only turned up the changes that I made above, so I am
unclear what else that I need to do. Any guidance would be greatly
appreciated.
--
Doug
I would advice these changes to the "default" sshd_config settings:
PermitRootLogin without-password
AuthorizedKeysFile /just_a_dir/authorized_keys/%u
PasswordAuthentication no
UsePAM yes
This will give you control of access if at least the
/just_a_dir/authorized_keys folder is not writeable for the world (the
keys need to readable, not writeable for the user that tries to log on)
Theo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
