[vox-tech] sshd_config and PasswordAuthentication
Karsten M. Self
kmself at ix.netcom.com
Fri Jul 22 14:32:13 PDT 2005
on Fri, Jul 22, 2005 at 04:20:55PM -0400, David Hummel (dhml at comcast.net) wrote:
> On Fri, Jul 22, 2005 at 12:02:41PM -0700, Karsten M. Self wrote:
> >
> > on Fri, Jul 22, 2005 at 10:01:32AM -0500, Jay Strauss (me at heyjay.com) wrote:
> > >
> > > I thought you were telling me that when this is set to "no" then I
> > > still type my password, then some magic happens, and I login to the
> > > remote box but I never send my password down the line.
> >
> > No. If "PasswordAuthentication no" is set in /etc/ssh/sshd_config, on
> > the remote host, then you *must* use another method, and my
> > understanding is that this limits you to SSH-passkey. Your remote
> > password (tunneled and encrypted or not) *won't* work.
>
> If you want to fully disable password auth, it is still necessary to set
> ChallengeResponseAuthentication to no.
My understanding is that ChallengeResponseAuthentication refers to S/Key
passwords. This is a one-time password scheme which removes many of the
downsides of password-based authentication.
Peace.
--
Karsten M. Self <kmself at ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Integrity, we've heard of it: http://www.theregister.co.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://ns1.livepenguin.com/pipermail/vox-tech/attachments/20050722/13049d34/attachment.pgp
More information about the vox-tech
mailing list