SSH root login with keys only
Vincent Hoffman
vince at unsane.co.uk
Mon Apr 5 09:25:45 UTC 2010
On 05/04/2010 10:17, Vincent Hoffman wrote:
> On 05/04/2010 10:01, Matthew Seaman wrote:
>
>> On 04/04/2010 22:04:35, Marcin Wisnicki wrote:
>>
>>> Is it possible to configure sshd such that both conditions are met:
>>>
>>
>>> 1. Root will be able to login only by using keys
>>> 2. Normal users will still be able to use pam/keyboard-interactive
>>>
>> Only by running two instances of sshd on different ports / IP numbers.
>>
>>
> I missed the rest of this thread so sorry its its been said already. As
> far as I knew the directive
> PermitRootLogin without-password
> in /etc/ssh/sshd_config
> should accomplish what was requested.
>
> However a note later in the default sshd_config file regarding the
> UsePAM setting says
> 'Depending on your PAM configuration,
> PAM authentication via ChallengeResponseAuthentication may bypass
> the setting of "PermitRootLogin without-password".'
>
> So I'd be interested to know if by default this is the case.
>
>
And sure enough when I have a look in the archive, my suggestion has
been discussed at length. sorry for noise.
Vince
> Vince
>
>
>
>> Cheers,
>>
>> Matthew
>>
>>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list