FreeBSD Mail Archives

Date:      Wed, 21 Nov 2007 13:45:47 +0800
From:      "Quan Qiu" <jackqq@gmail.com>
To:        freebsd-stable@freebsd.org
Subject:   Re: Software for distribution of configuration files and changes
Message-ID:  <53a565700711202145q3c1a8db5k8c0d41d7ad890405@mail.gmail.com>
In-Reply-To: <20071121002043.GA98340@eos.sc1.parodius.com>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAACAAAAAAAAAAiuboouUF6EKrT2uPks5M1AAAAAD7AgAAAPYFABAAAAAdMdDZF9ebRbtpiHRx6LqFAQAAAAA=@kmjeuro.com> <474325A0.7060802@gmail.com> <200711202315.lAKNFa4R012904@fire.js.berklix.net> <20071121002043.GA98340@eos.sc1.parodius.com>


On Nov 21, 2007 8:20 AM, Jeremy Chadwick <koitsu@freebsd.org> wrote:
> On Wed, Nov 21, 2007 at 12:15:36AM +0100, Julian H. Stacey wrote:
> > Add
> >       PermitRootLogin yes
> > to
> >       /etc/ssh/sshd_config
>
> This should really be "PermitRootLogin without-password".  Yes, the
> phrase "without-password" looks scary, but it isn't so much -- it allows
> root login via passwordless SSH keys only, while simultaneously
> continues disallowing root logins via keyboard/password authentication.
> sshd_config(5) has details.
>


"ChallengeResponseAuthentication no" is also required to avoid sshd
accepting keyboard-interactive/pam.


-- 
�Á� (QIU Quan) <jackqq@gmail.com>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53a565700711202145q3c1a8db5k8c0d41d7ad890405>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation