Not allowing SSH logins without a public key?

Alex Zbyslaw xfb52 at dial.pipex.com
Tue Sep 13 15:02:01 PDT 2005


Frank Mueller - emendis GmbH wrote:

> Edit the file
>
> /etc/ssh/sshd_config
>
> and change the following two parameters to NO
>
> PasswordAuthentication no
> ChallengeResponseAuthentication no
>
> Make sure that
>
> RSAAuthentication yes
>
> remains set.
>
> Then sighup the ssh-daemon by invoking the following command
>
> kill -HUP `cat /avr/run/sshd.pid`
>
Assuming 5.X or later, the better way to restart any service is to use 
its script in /etc/rc.d (or /usr/local/etc/rc.d for most ports).  In 
this case

    sh /etc/rc.d/sshd reload

Services that don't accept reload will take restart.

see rc(8).

--Alex

PS depending on the scale of the system you run, and the exact 
restrictions you want, you might find AllowUsers to be useful as well.



More information about the freebsd-questions mailing list