SSH root login with keys only
Vincent Hoffman
vince at unsane.co.uk
Mon Apr 5 09:17:14 UTC 2010
On 05/04/2010 10:01, Matthew Seaman wrote:
> On 04/04/2010 22:04:35, Marcin Wisnicki wrote:
> > Is it possible to configure sshd such that both conditions are met:
>
> > 1. Root will be able to login only by using keys
> > 2. Normal users will still be able to use pam/keyboard-interactive
>
> Only by running two instances of sshd on different ports / IP numbers.
>
I missed the rest of this thread so sorry its its been said already. As
far as I knew the directive
PermitRootLogin without-password
in /etc/ssh/sshd_config
should accomplish what was requested.
However a note later in the default sshd_config file regarding the
UsePAM setting says
'Depending on your PAM configuration,
PAM authentication via ChallengeResponseAuthentication may bypass
the setting of "PermitRootLogin without-password".'
So I'd be interested to know if by default this is the case.
Vince
> Cheers,
>
> Matthew
>
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list