Hello, Regarding bug #109846 I also have the problem that if I use PasswordAuthentication no in /etc/ssh/sshd_config, it is not enough to reject password authentication. I _also_ have to disable PAM.
I discovered I had a /etc/ssh/sshd_config.dpkg-old dated 2001-09-13 This file do not have the line UsePAM yes If I use PasswordAuthentication no UsePAM no then passwords are effectively disabled. I think it is clearer/easier/simpler to modify two lines in /etc/ssh/sshd_config than modifying one line in /etc/ssh/sshd_config and one line in /etc/pam.d/ssh I think it may be a critical security problem for upgrades from woody since the UsePAM line is not present in /etc/ssh/sshd_config on a woody system. It is not clear that if you add "UsePAM yes" (during the upgrade) it will allow password authentication EVEN IF you have PasswordAuthentication no. So this should be clearly documented. Regards, -- Dr. Ludovic Rousseau [EMAIL PROTECTED] -- Normaliser Unix c'est comme pasteuriser le camembert, L.R. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
