LinuxQuestions.org
Old 09-25-2008, 03:40 PM   #1
dasy2k1
problem disabling SSH password login on suse 11


I'm trying to disable password logins via SSH on my SUSE 11 box, forcing public key authorisation; however, even with the sshd_config file shown below, it still allows it.

Code:
#       $OpenBSD: sshd_config,v 1.77 2008/02/08 23:24:07 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.                        

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where         
# possible, but leave them commented.  Uncommented options change a    
# default value.                                                       

Port 4242
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::     

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1                                            
Protocol 2                                                            

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key  
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h                          
#ServerKeyBits 768                                   

# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility AUTH                     
LogLevel INFO                           

# Authentication:

LoginGraceTime 2m
PermitRootLogin no 
StrictModes yes    
MaxAuthTries 3     

#RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no                                                
# similar for protocol version 2                                           
#HostbasedAuthentication no                                                
# Change to yes if you don't trust ~/.ssh/known_hosts for                  
# RhostsRSAAuthentication and HostbasedAuthentication                      
#IgnoreUserKnownHosts no                                                   
# Don't read the user's ~/.rhosts and ~/.shosts files                      
#IgnoreRhosts yes                                                          

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no                                     
PermitEmptyPasswords no                                       

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes     

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no   

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included 
# in this release. The use of 'gssapi' is deprecated due to the presence of     
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
#GSSAPIEnableMITMAttack no                                                           
                                                                                     

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and          
# PasswordAuthentication.  Depending on your PAM configuration,       
# PAM authentication via ChallengeResponseAuthentication may bypass   
# the setting of "PermitRootLogin without-password".                  
# If you just want the PAM account and session checks to run without  
# PAM authentication, then enable this but set PasswordAuthentication 
# and ChallengeResponseAuthentication to 'no'.                        
UsePAM yes                                                            

#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/lib64/ssh/sftp-server

# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server

What am I doing wrong here?
 
Old 09-25-2008, 07:03 PM   #2
chort
Code:
UsePAM no
SuSE is sneaky like that.
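
Why the posted file still accepts passwords, as an added example that is not part of either post: with `UsePAM yes` and `ChallengeResponseAuthentication` left at its default, the keyboard-interactive method can still run a PAM password prompt even though `PasswordAuthentication` is `no`. The function names and sample text are constructed for this example; it assumes upstream OpenSSH defaults and PAM as the only challenge-response backend.

```python
# Added example (not from the thread): which password-style logins does an
# sshd_config still allow? Directive names are real; sample text is constructed.

# Upstream OpenSSH defaults, used when a keyword is absent or commented out.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "usepam": "no",
}

def effective_settings(config_text):
    """Global settings as sshd reads them: the first value for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()
        if keyword == "match":      # everything after Match is conditional
            break
        if len(parts) > 1:
            settings.setdefault(keyword, parts[1].lower())
    return {**DEFAULTS, **settings}

def password_paths(config_text):
    """List the authentication methods that can still prompt for a password."""
    s = effective_settings(config_text)
    paths = []
    if s["passwordauthentication"] == "yes":
        paths.append("password")
    # Assumption: PAM is the only challenge-response backend compiled in
    # (typical Linux build), so keyboard-interactive needs UsePAM yes.
    if s["challengeresponseauthentication"] == "yes" and s["usepam"] == "yes":
        paths.append("keyboard-interactive via PAM")
    return paths

# Constructed excerpt of the configuration posted in the question.
POSTED = """\
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
#ChallengeResponseAuthentication yes
UsePAM yes
"""

if __name__ == "__main__":
    print("as posted:", password_paths(POSTED))
    print("UsePAM no:", password_paths(POSTED.replace("UsePAM yes", "UsePAM no")))
    print("ChallengeResponseAuthentication no:",
          password_paths("ChallengeResponseAuthentication no\n" + POSTED))
```

The third case is the alternative described in the posted file's own PAM comment: keep `UsePAM yes` for account and session checks, and set both `PasswordAuthentication` and `ChallengeResponseAuthentication` to `no`.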
 
  

