[svlug] SSH password question

[aaronl@vitelus.com]

Hello all,

I saw this post and decided to check it out. I really only want people to
be able to access my machine not only if they have a password but require
them to have the private key.

I edited my sshd2 config file in /etc/sshd2_config to make
PasswordAuthentication no. After it didn't work and still only asked me
for a password, I consulted the manual pages. It said that
PasswordAuthentication (the flag) was not yet implemented in ssh 2.x. So i
downloaded 1.2.26 and then tried. The result was exactly the same! Herer
is what happens:

[aaronl at vitelus aaronl]$ cat /etc/sshd_config
# This is ssh server systemwide configuration file.

Port 22
ListenAddress 0.0.0.0
HostKey /etc/ssh_host_key
RandomSeed /etc/ssh_random_seed
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
IgnoreRhosts no
StrictModes yes
QuietMode no
X11Forwarding yes
X11DisplayOffset 10
FascistLogging no
PrintMotd yes
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication yes
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords yes
UseLogin no
# CheckMail no
# PidFile /u/zappa/.ssh/pid
# AllowHosts *.our.com friend.other.com
# DenyHosts lowsecurity.theirs.com *.evil.org evil.org
# Umask 022
# SilentDeny yes
[aaronl at vitelus aaronl]$ ssh vitelus.com
aaronl's password:

After i enter my password (for the user, not the key) it logs me in like
a telnet session.

Aaron Lehmann


On Sat, 7 Nov 1998, Seth David Schoen wrote:

> Hans Cathcart writes:
> 
> > Hi,
> > I'm using SSH to log into my servers, but I'm also using POP to check my
> > mail. Since both SSH and POP look at the /etc/passwd file, I see a security
> > problem. If someone traps my POP session password, which is not encrypted,
> > they can then log in through SSH. Is there an easy, straight-forward way of
> > having different passwords?
> 
> Aside from the trick of using tunnels, so that your POP sessions won't be
> insecure, you can also configure sshd to deny Unix password authentication
> and use only SSH's RSA keys.  In /etc/sshd.conf, set
> 
> PasswordAuthentication no
> 
> Then use only RSA keys to connect via SSH, not Unix passwords.
> 
> -- 
>    Seth David Schoen L&S '01 (undeclared) / schoen at uclink4.berkeley.edu
> He said, "This is what the king who will reign over you will do."  And they
> said, "Nay, but we will have a king over us, that we also may be like all the
> nations." (1 Sam 8)  http://ishmael.geecs.org/~sigma/   http://www.loyalty.org/
> 
> --
> echo "unsubscribe svlug" | mail majordomo at svlug.org
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe
> 


--
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe