Date: Thu, 04 Oct 2001 11:46:49 +0100 From: Nick Barnes <Nick.Barnes@pobox.com> To: Zvezdan Petkovic <zvezdan@CS.WM.EDU> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: sshd: requiring password _and_ RSA authentication Message-ID: <6330.1002192409@thrush.ravenbrook.com> In-Reply-To: Message from Zvezdan Petkovic <zvezdan@CS.WM.EDU> of "Wed, 03 Oct 2001 14:09:06 EDT." <20011003140906.B27029@dali.cs.wm.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 2001-10-03 18:09:06+0000, Zvezdan Petkovic writes: > On Wed, Oct 03, 2001 at 04:43:39PM +0100, Nick Barnes wrote: > > One of our servers used to run FreeBSD 2.2.8 with SSH 2 built from > > /usr/ports/security/ssh2. I'm not sure exactly which version of SSH > > this was. We had sshd configured to require both a password and RSA > > (or maybe DSA) authentication. > > > > I'm not sure that it checked both. I think that the first authentication > method that succeeds lets you through. You probably had password set up > as the first method to try. No, it definitely did check both. I recall testing it. I think it was SSH, rather than OpenSSH. This man page suggests that I was using the RequiredAuthentications configuration option: <http://www.ssh.com/support/ssh/man/sshd2_config-man.html>; > Only if you set up RSA keys _without_ a passphrase. I never do that. Thanks; I'll make sure our users are using passphrases. This seems like a good solution. Nick B To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6330.1002192409>