[conspire] ssh problem: disabling "keyboard-interactive"
mark at weisler-saratoga-ca.us
mark at weisler-saratoga-ca.us
Tue Aug 22 15:38:10 PDT 2006
> -------- Original Message --------
> Subject: Re: [conspire] ssh problem: disabling "keyboard-interactive"
> From: "Peter Knaggs" <peter.knaggs at gmail.com>
> Date: Tue, August 22, 2006 9:12 am
> To: "mark at weisler-saratoga-ca.us" <mark at weisler-saratoga-ca.us>
> Cc: conspire at linuxmafia.com
>
> > UsePAM yes
>
> I usually turn off PAM by setting it to "no". That way sshd only accepts
> passphrase authentication (with the settings you've described).
>
> I also set "PermitRootLogin without-password" which means password
> authentication is disabled for root.
>
> Try adding the second setting first, restart sshd, then try a root login.
> Then add the second setting, and it should only allow passphrase for
> all logins.
>
> Peter.
Hi Peter,
Thanks for the suggestion. I followed your recommendation and it worked.
Specifically 'UsePAM no' disallowed used of passwords. See below.
Interestingly, 'keyboard-interactive' seems to still be an optional way
to log-in but the remote user is no longer prompted for a password.
I'm comfortable that password log-in is no longer possible so that's
good. Now I'll study PAM to see what's up with that.
Here's a listing showing a log-in...
mark-weislers-powerbook-g4:~ markweisler$ ssh -X -l mark TheServer.biz
Enter passphrase for key '/Users/markweisler/.ssh/id_dsa':
Enter passphrase for key '/Users/markweisler/.ssh/id_dsa':
Enter passphrase for key '/Users/markweisler/.ssh/id_dsa':
Permission denied (publickey,keyboard-interactive).
More information about the conspire
mailing list