This is my config, works well over here. # $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $
# This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO # Authentication: LoginGraceTime 60 PermitRootLogin no #StrictModes yes #RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be used RhostsRSAAuthentication no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #AFSTokenPassing no # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no # Set this to 'yes' to enable PAM keyboard-interactive authentication # Warning: enabling this may bypass the setting of 'PasswordAuthentication' #PAMAuthenticationViaKbdInt no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes PrintMotd no PrintLastLog no #KeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes UsePAM no #MaxStartups 10 # no default banner path #Banner /some/path #VerifyReverseMapping no UseDNS no # override default of no subsystems Subsystem sftp /usr/lib/misc/sftp-server # Only people in wheel or admin group can access AllowGroups # And of those groups, only these users can ssh AllowUsers On Mon, 7 Feb 2005 19:06:00 +0100, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Already the way you suggested but it doesn't work: I can still connect by > userid and password. > Any other suggestion? > Ciao > Vittorio > :-- Messaggio originale -- > :Reply-To: [EMAIL PROTECTED] > :Date: Mon, 7 Feb 2005 12:54:53 -0500 > :From: Brett Curtis <[EMAIL PROTECTED]> > :Reply-To: Brett Curtis <[EMAIL PROTECTED]> > :To: [EMAIL PROTECTED] > :Subject: Re: [gentoo-user] ssh & rsa only authentication > : > : > :just make sure all other auth methods are set to 'no' > : > :UsePAM no > :PasswordAuthentication no > :PermitEmptyPasswords no > : > :and such.... > : > : > :On Mon, 7 Feb 2005 18:52:59 +0100, [EMAIL PROTECTED] > :<[EMAIL PROTECTED]> wrote: > :> I succeeded in setting up sshd to work with a public rsa key put on the > :> server in /root/.ssh/authorized_keys. And now I can access the server > remotely > :> by means of BOTH rsa authentication giving the passphrase AND the more > :conventional > :> userid & password. > :> > :> I would like to disable the latter in order to have only the rsa > authentication > :> working and not other options. > :> > :> What options should I modify or add in ssh_config and sshd_config? > :> > :> Ciao > :> Vittorio > :> > :> -- > :> [email protected] mailing list > :> > :> > : > :-- > :[email protected] mailing list > : > > -- > [email protected] mailing list > > -- [email protected] mailing list
