At 2001-10-03 18:09:06+0000, Zvezdan Petkovic writes: > On Wed, Oct 03, 2001 at 04:43:39PM +0100, Nick Barnes wrote: > > One of our servers used to run FreeBSD 2.2.8 with SSH 2 built from > > /usr/ports/security/ssh2. I'm not sure exactly which version of SSH > > this was. We had sshd configured to require both a password and RSA > > (or maybe DSA) authentication. > > > > I'm not sure that it checked both. I think that the first authentication > method that succeeds lets you through. You probably had password set up > as the first method to try.
No, it definitely did check both. I recall testing it. I think it was SSH, rather than OpenSSH. This man page suggests that I was using the RequiredAuthentications configuration option: <http://www.ssh.com/support/ssh/man/sshd2_config-man.html> > Only if you set up RSA keys _without_ a passphrase. I never do that. Thanks; I'll make sure our users are using passphrases. This seems like a good solution. Nick B To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
