Secure my SSH
April 22, 2010 12:42 PM   Subscribe

SSHFilter: I'm trying to disable authentication by password for SSH users accessing a server from a remote location. By everything I've read it seems like I've done exactly that, but I can still log in from a remote machine using a password only. Help me get that to stop.

So, I've gone into /etc/sshd_config and edited the permissions there. Specifically, I changed it to

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no


and have since completely restarted the server. Now on account X, if I remove authorized_keys from the ~/.ssh directory, I can still access that account remotely using only a password. Shouldn't that not happen?


I also tried the following change in /etc/ssh_config

PasswordAuthentication no

but that didn't do anything either.

It's a Mac Server running Server OS X 10.6.3

My last option, SSH aside, is to go into Workgroup Manager and disable password login access for each account (under Advanced -> Options), which means the only way to access it would be via the SSH keypair. However, when I'm trying to do that as the admin, it tells me that I am unauthorized. I can make it so people cannot access their account at all but I can't only disable the password login.
posted by scrutiny to Computers & Internet (2 answers total)
 
Best answer: Just to be sure, none of those lines have # at the beginning, do they?

Secondly, I'd double check that sshd is using the same sshd_config that you're editing.
posted by rhizome at 12:48 PM on April 22, 2010


Response by poster: Yep, they were all commented out. UNIX n00b, so I didn't realize that's what # meant. I should have figured it out since all the comments had that in front of them but oh well.

Thanks alot!
posted by scrutiny at 1:00 PM on April 22, 2010


« Older Green YAL   |   seeking leak detection referral in Arlington, TX Newer »
This thread is closed to new comments.