Not allowing SSH logins without a public key?

Giorgos Keramidas keramida at ceid.upatras.gr
Tue Sep 13 15:07:55 PDT 2005


On 2005-09-13 23:27, Joachim Dagerot <jd at dagerot.com> wrote:
> I have created a public/private key set with putty and managed to add
> the public key to my .ssh directory. I have also verified that it
> works as desired.
>
> I'm not too confident in configuring the SSHD so some help is much
> appreciated.
>
> I would like to not allow a ssh connection to the server for users
> that hasn't provided a public key.

You can explicitly allow (or disallow) authentication methods by editing
your ``/etc/ssh/sshd_config'' file.  For details, please refer to
sshd_config(5):

	% man sshd_config

Some of the relevant options in the unmodified sshd_config I have here
are the following:

	#RSAAuthentication yes
	#PubkeyAuthentication yes
	#RhostsRSAAuthentication no
	#HostbasedAuthentication no
	#PasswordAuthentication no
	#ChallengeResponseAuthentication yes
	#KerberosAuthentication no
	#GSSAPIAuthentication no

In general, the options whose name contains ``Authentication'' are
authentication methods, and you can enable or disable each one separately.



More information about the freebsd-questions mailing list