On Thursday, 20 March 2025 19:03:49 Greenwich Mean Time ralfconn wrote:
> maybe it is documented somewhere and I missed it, but to disable
> password login on an ssh server it is not sufficient to specify
> UsePAM=no (which is the default) in /etc/ssh/sshd_config because it is
> enabled by the /et
Oh, actually, I think I see the issue. I think it's that PAM authentication,
including via password, will be allowed if *either* of PasswordAuthentication
or KbdInteractiveAuthentication are enabled. My other box already had
"KbdInteractiveAuthentication no".
> On Mar 22, 2025, at 18:50, Nate
ralfconn writes:
Setting "PasswordAuthentication no" is not sufficient.
If you fail key authentication e.g. by pressing at the
passphrase prompt you'll be prompted for the password unless you
do
the above.
That's controlled by the AuthenticationMethods parameter, which
has a
default value
On my Ubuntu box, which also doesn't have AuthenticationMethods set in
sshd_config, simply setting "PasswordAuthentication no" does in fact prevent
password login.
Moreover, the stock sshd_config has a comment above the PasswordAuthentication
option saying "To disable tunneled clear text passwo
Il 21/03/25 00:50, Peter Humphrey ha scritto:
On Thursday, 20 March 2025 19:03:49 Greenwich Mean Time ralfconn wrote:
maybe it is documented somewhere and I missed it, but to disable
password login on an ssh server it is not sufficient to specify
UsePAM=no (which is the default) in /etc/ssh/ssh
Hello,
maybe it is documented somewhere and I missed it, but to disable
password login on an ssh server it is not sufficient to specify
UsePAM=no (which is the default) in /etc/ssh/sshd_config because it is
enabled by the /etc/ssh/sshd_config.d/999gentoo-pam.conf, so you
need to comment o
6 matches
Mail list logo
