Date: Thu, 12 Feb 2004 15:24:29 -0500
From: Duane Winner <duanewinner@att.net>
To: Dragoncrest <dragoncrest@voyager.net>
Cc: questions@freebsd.org
Subject: Re: Problem with ssh
Message-ID: <1076617469.259.6.camel@localhost>
In-Reply-To: <200402121949.i1CJnI5q083815@mail5.mx.voyager.net>
References: <200402121949.i1CJnI5q083815@mail5.mx.voyager.net>
On Thu, 2004-02-12 at 14:49, Dragoncrest wrote:
> Hi again everyone. Ok, this issue just popped up today on a different
> machine, but it's still bugging me either way. My home mail server
> (FreeBSD 4.8) has SSH available to the internet so I can get into the
> box from work if need be. That is the only port open as it's a fetching
> mail server so port 25 isn't available to the rest of the world. Nor is
> 110. What I just discovered today is that my sshd is allowing auth by
> public key OR password. I don't want it to auth by password. JUST
> public key. So in other words if you don't already have the public key
> file, well, it sucks being you because you won't get connected.
>
> Anyone know how to do this? Or would this question be better handled on
> an SSH mailing list? If so, which list is best and how do I sign up?
> Much appreciated on the info. Thanks.
>

For what it's worth, this is my config that does exactly what you are
looking for. It allows auth by public key only, i.e., the user's public
key must be concatenated into ~/.ssh/authorized_keys2 in their
respective home dir.

There might be some better tweaking I could do to this, but haven't
gotten around to it yet. The main thing is that it does pubkey auth and
accepts ssh protocol 2 only.

Hope this helps.

Port 22
Protocol 2
ListenAddress 0.0.0.0
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RhostsAuthentication no
IgnoreRhosts yes
# /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
PrintMotd yes
Subsystem sftp /usr/libexec/sftp-server
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1076617469.259.6.camel>
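
Added example, not part of the original message or of OpenSSH: a small Python check that reads sshd_config text and reports any setting that still lets a password-style login through, which is why the posted config sets both PasswordAuthentication and ChallengeResponseAuthentication to no. The DEFAULTS table and the PARTIAL and WEAK samples are assumptions constructed for illustration; the check covers global settings only and stops at any Match block.

```python
# Added example: flag sshd_config settings that still allow password logins.
# ASSUMPTION: values used when a keyword is absent (OpenSSH defaults of that era).
DEFAULTS = {
    "protocol": "2,1",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "permitemptypasswords": "no",
}

def effective(text):
    """Return the global settings sshd would use: the first value seen wins."""
    seen = {}
    for raw in text.splitlines():
        # Drop comments, accept both 'Key value' and 'Key=value'.
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":                # conditional blocks are out of scope
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def findings(text):
    """List every reason the config is not 'public key, protocol 2 only'."""
    cfg, out = effective(text), []
    if "1" in cfg["protocol"].split(","):
        out.append("Protocol 1 is still accepted")
    if cfg["pubkeyauthentication"] != "yes":
        out.append("PubkeyAuthentication is off: key logins impossible")
    if cfg["passwordauthentication"] != "no":
        out.append("PasswordAuthentication allows password logins")
    if cfg["challengeresponseauthentication"] != "no":
        out.append("ChallengeResponseAuthentication can still prompt for a password")
    if cfg["permitemptypasswords"] != "no":
        out.append("PermitEmptyPasswords is enabled")
    return out

# Authentication-related settings taken from the posted config.
POSTED = ("Protocol 2\nPermitRootLogin no\nPasswordAuthentication no\n"
          "PermitEmptyPasswords no\nChallengeResponseAuthentication no\n")
# Constructed samples: only one knob turned off / a duplicate keyword.
PARTIAL = "Protocol 2\nPasswordAuthentication no\n"
WEAK = "Protocol 2,1\nPasswordAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("POSTED", POSTED), ("PARTIAL", PARTIAL), ("WEAK", WEAK)):
        print(name, findings(text) or "public key only")
```

On a current OpenSSH install, the output of `sshd -T` can be fed to the same check in place of the file text, since it prints the effective values one keyword per line.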