From: Chris Hodgins
Date: Mon, 07 Mar 2005 01:58:30 +0000
To: Jeff With
cc: Danie Du Toit
cc: FreeBSD-questions@freebsd.org
Subject: Re: sshd - public key vs keyboard interactive authentication
Message-ID: <422BB546.4030302@cis.strath.ac.uk>

Jeff With wrote:
>>So, my questions:
>>
>>1. How do I disable password authentication - i.e. force to use the DSA keys?
>
> Make sure all 'password' auth is disabled and publickey is enabled.
>
> PasswordAuthentication no
> UseLogin no
> UsePAM no
> PubkeyAuthentication yes
>
>>2. Can I use both for added security - i.e. using the keys and then
>>get prompted for password?
>
> There was some work started on this type of thing last year, but I
> don't think it was ever finalized...
>
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=108552250117169&w=2
>
> - jw

You can add a passphrase to your key using ssh-keygen. If you use a
password you get something like this when you log in.

chris@laptop:/usr/home/chris$ ssh myserver.net
Enter passphrase for key '/home/chris/.ssh/id_dsa':

Chris
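
The four sshd_config settings quoted in this message can be checked mechanically. The script below is an added example, not part of the original thread: it reads an sshd_config on stdin and compares the first occurrence of each keyword in the global section with the quoted values. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the global section of an
# sshd_config, read from stdin, against the four settings quoted above.

# Constructed sample input; the values are made up for the demonstration.
sample_config() {
cat <<'EOF'
# constructed sample
Port 22
passwordauthentication no
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
}

# Prints one line per setting; returns 0 only if all four match.
audit_sshd_config() {
    awk '
    BEGIN {
        n = split("passwordauthentication uselogin usepam pubkeyauthentication", keys, " ")
        split("no no no yes", vals, " ")
        for (i = 1; i <= n; i++) want[keys[i]] = vals[i]
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") { print "NOTE Match block at line " NR " not checked"; exit }
        if (!(key in want)) next
        if (key in seen) print "NOTE line " NR ": repeated " key " is ignored"
        else seen[key] = $2                  # sshd keeps the first value it reads
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = keys[i]
            if (!(k in seen))            { print "MISSING " k " (want " want[k] ")"; bad = 1 }
            else if (seen[k] != want[k]) { print "FAIL " k "=" seen[k] " (want " want[k] ")"; bad = 1 }
            else                           print "OK " k "=" seen[k]
        }
        exit bad
    }'
}

# Demonstration on the constructed sample (reports a non-zero status).
sample_config | audit_sshd_config || echo "sshd_config differs from the quoted settings"
```

Run it against a real file with `audit_sshd_config < /etc/ssh/sshd_config`. OpenSSH 7.4 and later removed the UseLogin option, so drop that keyword from the list when checking a current release.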