setting a password less ssh connection
Wolfgang S. Rupprecht
wolfgang+gnus200605 at dailyplanet.dontspam.wsrcc.com
Fri May 19 20:30:38 UTC 2006
Ian Malone <ibmalone at gmail.com> writes:
> This is not what the OP is trying to do (or, at least, I hope not...).
>
> Leave this alone, having passwordless accounts you can log into over
> ssh is an awful idea as mentioned above:
> #PermitEmptyPasswords no
>
> Add this to prevent authentication against the user's password:
> PasswordAuthentication no
And just to prevent pam from allowing a password login you also want
to add:
UsePam=no
It is amazing now many linux and bsd systems get broken into and used
as ssh-password attacking zombies. (From looking at my sshd logs I
see a few probes each day.) I would be really nice if OS
distributions were to stop encouraging stupid behavior and not leaving
password logins open.
cat << EOF > /etc/ssh/sshd_config
Protocol 2
LogLevel VERBOSE
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
X11Forwarding yes
UsePam no
ClientAliveInterval 60
ClientAliveCountMax 30
EOF
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
More information about the fedora-list
mailing list