[conspire] ssh problem: disabling "keyboard-interactive"

mark at weisler-saratoga-ca.us mark at weisler-saratoga-ca.us
Tue Aug 22 15:38:10 PDT 2006

> -------- Original Message --------
> Subject: Re: [conspire] ssh problem: disabling "keyboard-interactive"
> From: "Peter Knaggs" <peter.knaggs at gmail.com>
> Date: Tue, August 22, 2006 9:12 am
> To: "mark at weisler-saratoga-ca.us" <mark at weisler-saratoga-ca.us>
> Cc: conspire at linuxmafia.com
> > UsePAM yes
> I usually turn off PAM by setting it to "no". That way sshd only accepts
> passphrase authentication (with the settings you've described).
> I also set "PermitRootLogin without-password" which means password
> authentication is disabled for root.
> Try adding the second setting first, restart sshd, then try a root login.
> Then add the second setting, and it should only allow passphrase for
> all logins.
> Peter.
Hi Peter,
Thanks for the suggestion. I followed your recommendation and it worked.
Specifically 'UsePAM no' disallowed used of passwords. See below.
Interestingly, 'keyboard-interactive' seems to still be an optional way
to log-in but the remote user is no longer prompted for a password.
I'm comfortable that password log-in is no longer possible so that's
good. Now I'll study PAM to see what's up with that.

Here's a listing showing a log-in...

mark-weislers-powerbook-g4:~ markweisler$ ssh -X -l mark TheServer.biz
Enter passphrase for key '/Users/markweisler/.ssh/id_dsa':
Enter passphrase for key '/Users/markweisler/.ssh/id_dsa':
Enter passphrase for key '/Users/markweisler/.ssh/id_dsa':
Permission denied (publickey,keyboard-interactive).

More information about the conspire mailing list