Re: OpenSSH and PAM

> GNUtoo@xxxxxxxxxx wrote:
>> Hello,
>> I'd like to use only PAM (for requiring additional restrictions) for
>> OpenSSH authentications and I'd like to have:
>> * key authentications
>> * s/key like authentications but more secure (because I was told that the
>> randomness of the s/key passwords is not secure nowadays)
>> (and additional things such as an anti-brute-force system for PAM and
>> login restrictions based on the time/date)
>>
>> but I haven't been successful so far...
>> I first wanted to forbid accounts other than the ones listed in
>> /etc/ssh/sshd.allow: I've done the following
>> in /etc/ssh/sshd_config I've used PAM:
>> UsePAM yes
>> normal passwords were disabled, key enabled and s/key disabled
>> and I added:
>> auth           required        pam_listfile.so item=user sense=allow
> [...]
>> but it didn't work... accounts not listed in the file could still log in
>> via SSH
>
> ... using public-key authentication:
>
>> debug1: matching key found: file /home/xxx/.ssh/authorized_keys, line 1
>
> SSH's public-key authentication does not use the PAM auth stack (it
> can't) but it does use the account stack for all auth types.  Add your
> pam_listfile to the account stack and it should do what you want.
Thanks a lot!!! It works.
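
The gap discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from OpenSSH: it reports which PAM stacks call pam_listfile and flags an allow-list that sits only in the auth stack. The sample PAM lines are constructed; the `file=` and `onerr=` options, the `system-auth` include lines and the function names are assumptions, since the post elides the rest of its pam_listfile line.

```python
import re

# Constructed sample lines for /etc/pam.d/sshd. The options after sense=allow
# are assumptions: the original post elides the rest of its pam_listfile line.
RULE = "pam_listfile.so item=user sense=allow file=/etc/ssh/sshd.allow onerr=fail"
REST = "auth include system-auth\naccount include system-auth\n"
BEFORE = f"# as first tried in the thread\nauth required {RULE}\n{REST}"
AFTER = f"# after the fix from the reply\naccount required {RULE}\n{REST}"

# type, control (simple keyword or [bracketed] form), module path
LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def stacks_using(pam_text, module="pam_listfile.so"):
    """Return the set of PAM stacks (auth, account, ...) that call `module`."""
    found = set()
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = LINE.match(line)
        # Compare on the basename so /lib/security/pam_listfile.so also matches.
        if m and m.group(3).rsplit("/", 1)[-1] == module:
            found.add(m.group(1))
    return found

def audit(pam_text, module="pam_listfile.so"):
    """Classify how the allow-list applies to sshd logins."""
    stacks = stacks_using(pam_text, module)
    if "account" in stacks:
        # sshd runs the account stack for all auth types.
        return "ok: enforced for every auth method, including public key"
    if "auth" in stacks:
        # Public-key authentication does not use the PAM auth stack.
        return "gap: auth stack only, public-key logins skip this check"
    return "absent: module not configured"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(f"{name}: {audit(text)}")
```

To audit a real host, pass the contents of the sshd PAM service file to `audit()`; lines pulled in through `include` are not followed by this sketch.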
