Date:      Thu, 12 Feb 2004 15:24:29 -0500
From:      Duane Winner <duanewinner@att.net>
To:        Dragoncrest <dragoncrest@voyager.net>
Cc:        questions@freebsd.org
Subject:   Re: Problem with ssh
Message-ID:  <1076617469.259.6.camel@localhost>
In-Reply-To: <200402121949.i1CJnI5q083815@mail5.mx.voyager.net>
References:  <200402121949.i1CJnI5q083815@mail5.mx.voyager.net>

On Thu, 2004-02-12 at 14:49, Dragoncrest wrote:
> Hi again everyone.  Ok, this issue just popped up today on a different
> machine, but it's still bugging me either way.  My home mail server
> (freebsd 4.8) has SSH available to the internet so I can get into the
> box from work if need be.  That is the only port open as it's a fetching
> mail server so port 25 isn't available to the rest of the world.  Nor is
> 110.  What I just discovered today is that my sshd is allowing auth by
> public key OR password.  I don't want it to auth by password.  JUST
> public key.  So in other words if you don't already have the public key
> file, well, it sucks being you because you won't get connected.
> 
> Anyone know how to do this?  Or would this question be better handled on
> an SSH mailing list?  If so, which list is best and how do I sign up? 
> Much appreciated on the info.  Thanks.
> 

For what it's worth, this is my config that does exactly what you are
looking for. It allows auth by public key only, i.e., the user's public
key must be concatenated into ~/.ssh/authorized_keys2 in their
respective home dir.

There might be some better tweaking I could do to this, but I haven't
gotten around to it yet. The main thing is that it does pubkey auth and
accepts ssh protocol 2 only.

Hope this helps.



Port 22
# SSH protocol version 2 only
Protocol 2
ListenAddress 0.0.0.0
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RhostsAuthentication no
IgnoreRhosts yes
# /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# Password and challenge-response logins off, so only public key auth remains
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
PrintMotd yes
Subsystem       sftp    /usr/libexec/sftp-server
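
A check for the key-only setup discussed in this thread, added here as an example (it is not part of the original e-mail): it resolves each keyword the way sshd does, first value wins and unset keywords fall back to the OpenSSH default, and fails if any password-based method is still enabled. The function names `effective_value` and `audit_key_only` and both sample files are constructed for illustration; only the global section is read (it stops at a `Match` block and does not follow `Include`).

```shell
#!/bin/sh
# Added example: audit an sshd_config for key-only login (global section only).

# effective_value FILE KEYWORD DEFAULT: print the value sshd would use.
# sshd keeps the FIRST value given for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                  # comment line
        { sub(/=/, " ") }                    # accept the "Keyword=value" form
        NF < 2 { next }                      # blank line or stray token
        tolower($1) == "match" { exit }      # conditional blocks are out of scope
        tolower($1) == want && !seen { seen = 1; val = tolower($2) }
        END { print (seen ? val : dflt) }
    ' "$1"
}

# audit_key_only FILE: print one line per keyword; return 0 only when no
# password-based method is enabled and public-key auth is on.
audit_key_only() {
    rc=0
    # keyword:OpenSSH default:value required for key-only login
    for rule in PasswordAuthentication:yes:no ChallengeResponseAuthentication:yes:no \
                PermitEmptyPasswords:no:no PubkeyAuthentication:yes:yes; do
        kw=${rule%%:*}; rest=${rule#*:}
        got=$(effective_value "$1" "$kw" "${rest%%:*}")
        if [ "$got" = "${rest#*:}" ]; then
            echo "ok    $kw $got"
        else
            echo "FAIL  $kw $got (want ${rest#*:})"; rc=1
        fi
    done
    return $rc
}

# Constructed samples. "weak" looks locked down but is not: its first
# PasswordAuthentication line wins, and challenge-response defaults to yes.
sample_dir=$(mktemp -d); trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/strict" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
cat > "$sample_dir/weak" <<'EOF'
passwordauthentication=yes
PasswordAuthentication no
EOF
audit_key_only "$sample_dir/strict"
audit_key_only "$sample_dir/weak" || echo "weak sample fails the audit"
```

Run it against the real file with `audit_key_only /etc/ssh/sshd_config`; a non-zero return means a password prompt is still reachable.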



