Differences between version 26 and predecessor to the previous major change of SSHKeys.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 26 | Last edited on Friday, January 26, 2007 4:59:01 pm | by BenStaz | Revert |
| Older page: | version 25 | Last edited on Thursday, June 1, 2006 4:22:32 am | by AristotlePagaltzis | Revert |
@@ -4,9 +4,8 @@
This makes PublicKeyAuthentication less convenient than password authentication: every time you log in somewhere, you have to type a long passphrase rather than a short password.
__''DO use passphrases''__. It's very tempting to use a passphraseless key so that you "don't have to type in a password every time". Instead, read on.
-
Authentication agents provide a solution to this. [OpenSSH]'s agent is called ssh-agent(1), [PuTTY]'s is called <b>Pageant</b>. Typically, you launch the agent when you log onto your local machine, which prompts you for the passphrases of any keys you have. The agent then remains persistent and provide your credentials to any client that needs them, so you will no longer be prompted for the passphrase. When you log out, the agent shuts down.
Another good option for a 'trusted' box is keychain which will allow you to run cronjobs over ssh even when you are logged out.
@@ -217,6 +216,18 @@
trap "kill -1 $SSH_AGENT_PID" EXIT
fi
</verbatim>
+!! Disable Password Authentication
+
+Use your favourite text editor [Vim] to edit /etc/ssh/sshd_config on the machine you wish to ssh to, and set these options.
+
+<verbatim>
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+UsePAM no
+
+Now you will HAVE to have to have a key if you wish to SSH into that machine.
+If not you will NOT be prompted for a password but instead will see: ''Permission denied (publickey)''
+</verbatim>
----
Part of CategorySecurity and CategoryNetworking
