From owner-freebsd-questions@FreeBSD.ORG  Thu Feb  8 18:31:21 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C059D16A406
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Feb 2007 18:31:21 +0000 (UTC)
	(envelope-from pgiessel@mac.com)
Received: from achilles.leela.ws (achilles.leela.ws [66.207.162.30])
	by mx1.freebsd.org (Postfix) with ESMTP id 99F0613C4AC
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Feb 2007 18:31:21 +0000 (UTC)
	(envelope-from pgiessel@mac.com)
Received: from [192.168.0.249] ([158.145.111.132]) (authenticated bits=0)
	by achilles.leela.ws (8.13.6/8.13.6) with ESMTP id l18IVHjU068576
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 8 Feb 2007 09:31:20 -0900 (AKST)
	(envelope-from pgiessel@mac.com)
Message-ID: <45CB6C6E.8000607@mac.com>
Date: Thu, 08 Feb 2007 09:31:10 -0900
From: "Peter A. Giessel" <pgiessel@mac.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
	rv:1.8.0.9) Gecko/20061207 Thunderbird/1.5.0.9 Mnenhy/0.7.4.0
MIME-Version: 1.0
To: White Hat <pigskin_referee@yahoo.com>
References: <987025.9761.qm@web34406.mail.mud.yahoo.com>
In-Reply-To: <987025.9761.qm@web34406.mail.mud.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Users Questions <freebsd-questions@freebsd.org>
Subject: Re: Using SSL certificates instead of password
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2007 18:31:21 -0000

On 2007/02/08 6:07, White Hat seems to have typed:
> I am trying to set up one of my servers so that it can
> be accessed only by a user with a proper SSL
> certificate. I want to disable the use of passwords
> completely.
> 
> I cannot seem to locate a good 'How To' regarding
> this. In addition, the server, a FreeBSD-6.2 machine,
> will be accessed by WinXP machines using Putty.
> 
> Where can I locate some good information on how to set
> up such a configuration?

See:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html
Section 14.11.6

See also:
http://www.freebsd.org/cgi/man.cgi?query=sshd_config&sektion=5&manpath=OpenBSD+3.9
Section PubkeyAuthentication
Section PasswordAuthentication

Its actually pretty easy to setup.