Didier Wiroth wrote:


using freebsd 5.2 release.

Below you can see what is not commented out in my sshd_config file, which is almost 
the default:
#$FreeBSD: src/crypto/openssh/sshd_config,v 1.33 2003/09/24 19:20:23 des Exp $
#VersionAddendum FreeBSD-20030924
Protocol 2
ListenAddress x.y.z.x
LoginGraceTime 60
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PrintMotd yes
PrintLastLog yes
AllowGroups ssh
Banner /usr/local/etc/ssh/banner
Subsystem       sftp    /usr/libexec/sftp-server

I'm using ssh windows client version 3.2.9 from:
I get a passphrase prompt, I enter xyz, press enter, than I'm prompted to enter my 
"password", I enter the password and I have my prompt:

Is this a security bug, a misconfiguration or what?

I thought I had disabled password authentication with: PasswordAuthentication no

thx a lot

you did. from ssh's point of view. however, pam is enabled, and it allows password authentication. to do what you're asking, edit sshd_config again, and toggle this line

# Change to no to disable PAM authentication
ChallengeResponseAuthentication no

this is my fix, it allows only pubkey logins. i'm sure this is also possible with PAM, and actually, would love to know how that works too :)

hope this helps ~j

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to