Date: Mon, 05 Apr 2010 10:17:12 +0100 From: Vincent Hoffman <vince@unsane.co.uk> To: freebsd-questions@freebsd.org Subject: Re: SSH root login with keys only Message-ID: <4BB9AA98.7030205@unsane.co.uk> In-Reply-To: <4BB9A6D4.8080604@infracaninophile.co.uk> References: <hpaut3$4gl$1@dough.gmane.org> <4BB9A6D4.8080604@infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/04/2010 10:01, Matthew Seaman wrote: > On 04/04/2010 22:04:35, Marcin Wisnicki wrote: > > Is it possible to configure sshd such that both conditions are met: > > > 1. Root will be able to login only by using keys > > 2. Normal users will still be able to use pam/keyboard-interactive > > Only by running two instances of sshd on different ports / IP numbers. > I missed the rest of this thread so sorry its its been said already. As far as I knew the directive PermitRootLogin without-password in /etc/ssh/sshd_config should accomplish what was requested. However a note later in the default sshd_config file regarding the UsePAM setting says 'Depending on your PAM configuration, PAM authentication via ChallengeResponseAuthentication may bypass the setting of "PermitRootLogin without-password".' So I'd be interested to know if by default this is the case. Vince > Cheers, > > Matthew > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BB9AA98.7030205>