on Fri, Jul 22, 2005 at 04:20:55PM -0400, David Hummel ([EMAIL PROTECTED]) wrote: > On Fri, Jul 22, 2005 at 12:02:41PM -0700, Karsten M. Self wrote: > > > > on Fri, Jul 22, 2005 at 10:01:32AM -0500, Jay Strauss ([EMAIL PROTECTED]) > > wrote: > > > > > > I thought you were telling me that when this is set to "no" then I > > > still type my password, then some magic happens, and I login to the > > > remote box but I never send my password down the line. > > > > No. If "PasswordAuthentication no" is set in /etc/ssh/sshd_config, on > > the remote host, then you *must* use another method, and my > > understanding is that this limits you to SSH-passkey. Your remote > > password (tunneled and encrypted or not) *won't* work. > > If you want to fully disable password auth, it is still necessary to set > ChallengeResponseAuthentication to no.
My understanding is that ChallengeResponseAuthentication refers to S/Key passwords. This is a one-time password scheme which removes many of the downsides of password-based authentication. Peace. -- Karsten M. Self <[email protected]> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Integrity, we've heard of it: http://www.theregister.co.uk/
signature.asc
Description: Digital signature
_______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
