From: "Jeremy T. Bouse" <[EMAIL PROTECTED]> > Have you verified that keyboard-interaction is not enabled as >well? As I quote from the man page for sshd... > > PAMAuthenticationViaKbdInt > Specifies whether PAM challenge response authentication is > allowed. This allows the use of most PAM challenge response > authentication modules, but it will allow password authentication > regardless of whether PasswordAuthentication is disabled. The > default is ``no''.
Right on the money. I had followed the instructions that were given with bug 109846 and added this line to /etc/pam.d/ssh after the line mentioning "pam_env.so": auth required pam_deny.so This left me with a "password" prompt, but no matter which password I typed in, it didn't let me in. Secure, but ugly. Commenting out this line from pam.d/ssh and changing the line in /etc/ssh/sshd_config to PAMAuthenticationViaKbdInt no makes it omit the "password" prompt instead of putting up a prompt which rejects all passwords. I should have read around all mentions of "password" in the sshd man page when changing the config files. Thanks for the pointer. cc'd this to [EMAIL PROTECTED] -- Tim Freeman [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
