[vox-tech] sshd_config and PasswordAuthentication

David Hummel dhml at comcast.net
Thu Jul 7 09:07:51 PDT 2005


On Thu, Jul 07, 2005 at 10:57:53AM -0500, Jay Strauss wrote:
>
> Henry House wrote:
> >
> >With PasswordAuthentication set to no, SSH-key authentication must be
> >used instead of a password. This method uses public/private key pairs
> >created by ssh-keygen(1) to authenticate. This is generally
> >considered more secure than tunneled-password authencation for
> >reasons than someone else can explaim better than I can.
> 
> This is what I thought that option did, but I have
> PasswordAuthentication no on most of my boxes but don't use a key pair
> to log in.  I get prompted for a password and I type that in, and I'm
> logged on.

That's correct.  Setting PasswordAuthentication to no does not disable
password auth.  You can still fall back on it if you aren't using public
key auth.  If you really want to disable password auth, you need to set
ChallengeResponseAuthentication to no.

-David


More information about the vox-tech mailing list