List: gentoo-user
Subject: [gentoo-user] sshd Authentication Restrictions
From: Josh Cepek <josh.cepek () usa ! net>
Date: 2007-10-30 15:42:48
Message-ID: 472750F8.7090600 () usa ! net
I want to harden my ssh server by restricting most users to Public Key
authentication only. I can set "ChallengeResponseAuthentication no" in
the config file, but I can't figure out how to then allow a user or
group within a Match section to use Keyboard-Interactive authentication.
"ChallengeResponseAuthentication" is not valid within a Match section.
When this directive is added globally there seems to be no way to
enable it again under a Match section. I also tried to set the global
option "KbdInteractiveAuthentication no", but this doesn't seem to be
valid outside of a Match section since users can connect without public
keys (the sshd process does accept this option, but it doesn't seem to
actually do anything outside of a Match section.)

At this point the only way I've found to do what I want is to add all
users I want to restrict to a group, create a Match section for this
group, and use the directive "KbdInteractiveAuthentication no". While
this works, I'd like to know if there is a way I can disable it as part
of the global sshd config and enable this authentication only for
specific users.

Thanks for any ideas.
--
Josh
--
gentoo-user@gentoo.org mailing list
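
To check which accounts the group-based workaround in the message above actually restricts, this added example (not part of the original message and not OpenSSH code) resolves the value a Match block gives a keyword for one account. It is a simplified model that handles only `User` and `Group` criteria; the group `keyonly`, the user `backup` and the sample config are constructed for illustration.

```python
import fnmatch

# Constructed sample config: the Match-based workaround from the message.
# The group "keyonly" and the user "backup" are hypothetical names.
SAMPLE_CONFIG = """\
PubkeyAuthentication yes

Match Group keyonly
    KbdInteractiveAuthentication no
Match User backup
    KbdInteractiveAuthentication no
"""

def _pattern_list_matches(pattern_list, candidates):
    """Comma-separated patterns with * and ? wildcards; a leading ! negates."""
    matched = False
    for pat in pattern_list.split(","):
        negate = pat.startswith("!")
        hit = any(fnmatch.fnmatchcase(c, pat.lstrip("!")) for c in candidates)
        if hit and negate:
            return False  # a matching negated pattern vetoes the whole list
        matched = matched or hit
    return matched

def match_override(config_text, keyword, user, groups):
    """Return the value a Match block sets for `keyword` for this account,
    or None when no matching block sets it (the global section then applies)."""
    active = False  # lines before the first Match are global and skipped here
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        name, args = tokens[0].lower(), tokens[1:]
        if name == "match":
            active = True  # all criteria on the Match line must hold
            for crit, pats in zip(args[0::2], args[1::2]):
                if crit.lower() == "user":
                    active = active and _pattern_list_matches(pats, [user])
                elif crit.lower() == "group":
                    active = active and _pattern_list_matches(pats, groups)
                else:
                    active = False  # Host/Address etc. are not modelled
        elif active and name == keyword.lower() and args:
            return args[0].lower()  # first value obtained wins
    return None
```

A result of `None` for an account means no Match block restricts it, so it is governed by the global section alone.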