From owner-freebsd-questions@FreeBSD.ORG  Mon Mar  7 01:53:26 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4D28316A4CE
	for <FreeBSD-questions@freebsd.org>;
	Mon,  7 Mar 2005 01:53:26 +0000 (GMT)
Received: from smtphost.cis.strath.ac.uk (smtphost.cis.strath.ac.uk
	[130.159.196.96])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 73CC043D31
	for <FreeBSD-questions@freebsd.org>;
	Mon,  7 Mar 2005 01:53:25 +0000 (GMT)
	(envelope-from chodgins@cis.strath.ac.uk)
Received: from [192.168.0.4] (chrishodgins.force9.co.uk [84.92.20.141])
	j271r9lX027705;	Mon, 7 Mar 2005 01:53:09 GMT
Message-ID: <422BB546.4030302@cis.strath.ac.uk>
Date: Mon, 07 Mar 2005 01:58:30 +0000
From: Chris Hodgins <chodgins@cis.strath.ac.uk>
User-Agent: Mozilla Thunderbird 1.0 (X11/20050204)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeff With <jeff.wirth@gmail.com>
References: <8af8258905030617207f4be393@mail.gmail.com>
	<5d2cf692050306174471107d08@mail.gmail.com>
In-Reply-To: <5d2cf692050306174471107d08@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-CIS-MailScanner-Information: Please contact support@cis.strath.ac.uk for
	more information
X-CIS-MailScanner: Found to be clean
X-CIS-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.9, required 6,
	BAYES_00 -4.90)
X-CIS-MailScanner-From: chodgins@cis.strath.ac.uk
cc: Danie Du Toit <danie.dutoit@gmail.com>
cc: FreeBSD-questions@freebsd.org
Subject: Re: sshd - public key vs keyboard interactive authentication
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2005 01:53:26 -0000

Jeff With wrote:
>>So, my questions:
>>
>>1. How do I disable password authentication - i.e. force to use the DSA keys?
> 
> 
> Make sure all 'password' auth is disabled and publickey is enabled.  
> 
> <sshd_config>
> 
> PasswordAuthentication no
> UseLogin no
> UsePAM no 
> PubkeyAuthentication yes
> 
> 
>>2. Can I use both for added security - i.e.  using the keys and then
>>get prompted for password?
> 
> 
> There was some work stared on this type of thing last year, but I
> don't think it was every finalized...
> 
> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=108552250117169&w=2
> 
> - jw

You can add a passphrase to your key using ssh-keygen.  If you use a 
password you get something like this when you login.

chris@laptop:/usr/home/chris$ ssh myserver.net
Enter passphrase for key '/home/chris/.ssh/id_dsa':

Chris