Not allowing SSH logins without a public key?
I have created a public/private key set with PuTTY and managed to add the public key to my .ssh directory. I have also verified that it works as desired.

I'm not too confident in configuring the SSHD, so some help is much appreciated. I would like to not allow an SSH connection to the server for users that haven't provided a public key.

Thanks in advance,
Joe

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Not allowing SSH logins without a public key?
Edit the file /etc/ssh/sshd_config and change the following two parameters to NO:

    PasswordAuthentication no
    ChallengeResponseAuthentication no

Make sure that

    RSAAuthentication yes

remains set. Then sighup the ssh-daemon by invoking the following command:

    kill -HUP `cat /var/run/sshd.pid`

That's it!
By the way, a very good decision to set it up this way! ;)

Greetz,
Ice

Joachim Dagerot wrote:
> I have created a public/private key set with PuTTY and managed to add the public key to my .ssh directory. I have also verified that it works as desired.
>
> I'm not too confident in configuring the SSHD, so some help is much appreciated. I would like to not allow an SSH connection to the server for users that haven't provided a public key.
>
> Thanks in advance,
> Joe

--
Frank Mueller
emendis GmbH
Re: Not allowing SSH logins without a public key?
Frank Mueller - emendis GmbH wrote:
> Edit the file /etc/ssh/sshd_config and change the following two parameters to NO
>
>     PasswordAuthentication no
>     ChallengeResponseAuthentication no
>
> Make sure that
>
>     RSAAuthentication yes
>
> remains set. Then sighup the ssh-daemon by invoking the following command
>
>     kill -HUP `cat /var/run/sshd.pid`

Assuming 5.X or later, the better way to restart any service is to use its script in /etc/rc.d (or /usr/local/etc/rc.d for most ports). In this case:

    sh /etc/rc.d/sshd reload

Services that don't accept reload will take restart. See rc(8).

--Alex

PS: Depending on the scale of the system you run, and the exact restrictions you want, you might find AllowUsers to be useful as well.
Re: Not allowing SSH logins without a public key?
On 2005-09-13 23:27, Joachim Dagerot [EMAIL PROTECTED] wrote:
> I have created a public/private key set with PuTTY and managed to add the public key to my .ssh directory. I have also verified that it works as desired.
>
> I'm not too confident in configuring the SSHD, so some help is much appreciated. I would like to not allow an SSH connection to the server for users that haven't provided a public key.

You can explicitly allow (or disallow) authentication methods by editing your ``/etc/ssh/sshd_config'' file. For details, please refer to sshd_config(5):

    % man sshd_config

Some of the relevant options in the unmodified sshd_config I have here are the following:

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #RhostsRSAAuthentication no
    #HostbasedAuthentication no
    #PasswordAuthentication no
    #ChallengeResponseAuthentication yes
    #KerberosAuthentication no
    #GSSAPIAuthentication no

In general, the options whose name contains ``Authentication'' are authentication methods, and you can enable or disable each one separately.
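
Added example (not part of any message in this thread): a POSIX sh check that an sshd_config leaves only public-key logins enabled, using the keywords named in the replies above. It assumes that an unset keyword takes the default shown in the commented listing in the last message, relies on sshd using the first occurrence of a keyword, and does not evaluate Match blocks; the function names and sample file are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the key-only settings in this thread.
# Assumption: an unset keyword takes the default from the thread's listing.

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use from the global section. Keywords are
# case-insensitive, the first occurrence wins, comment lines are skipped,
# and parsing stops at the first Match block (overrides are not evaluated).
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_key_only FILE
# Returns 0 when password and challenge-response logins are off and
# public-key login is on; returns 1 otherwise. One line per keyword.
audit_key_only() {
    rc=0
    while read -r keyword want default; do
        got=$(effective_value "$1" "$keyword" "$default")
        if [ "$got" = "$want" ]; then
            echo "ok    $keyword $got"
        else
            echo "FAIL  $keyword $got (want $want)"
            rc=1
        fi
    done <<EOF
PubkeyAuthentication yes yes
PasswordAuthentication no no
ChallengeResponseAuthentication no yes
EOF
    return "$rc"
}

# Constructed sample: challenge-response left at its default, plus a later
# duplicate PasswordAuthentication line that sshd ignores (first one wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication no
#ChallengeResponseAuthentication yes
passwordauthentication yes
EOF
audit_key_only "$sample" || echo "non-key logins are still possible"
rm -f "$sample"
```

Before reloading sshd, `sshd -t` checks the edited file for syntax errors; keep an existing session open until a key-only login has been confirmed.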