| View previous topic :: View next topic |
| Author |
Message |
maniacdavid
n00b
Joined: 03 May 2003
Posts: 29
|
 Posted: Fri Jun 04, 2004 4:01 pm Post subject: SSH: Skey and Public/Private Key Authentication |
 |
|
| Is there a way to do only Skey and Public/Private Key Authentication? It would be nice because if I'm somewhere but don't have my key, I can use a single use key. Right now, the only way it seems to do skey is by enabling passwords and I don't want that. |
|
| Back to top |
|
 |
davidblewett
Apprentice
Joined: 15 Feb 2004
Posts: 274
Location: Indiana
|
| Posted: Fri Jun 04, 2004 4:49 pm Post subject: |
|
|
Here's a Gentoo how-to, read all of the discussion:
https://forums.gentoo.org/viewtopic.php?t=103232
It looks like you would need to emerge OpenSSH without the PAM USE flag, but with SKey. Then get SKey set up.
_________________
No guilt in life, no fear in death
this is the power of Christ in me
From lifes first cry to final breath
Jesus commands my destiny
-- Newsboys, "In Christ Alone", "Adoration: The Worship Album" |
|
| Back to top |
|
|
maniacdavid
n00b
Joined: 03 May 2003
Posts: 29
|
| Posted: Fri Jun 04, 2004 9:12 pm Post subject: |
|
|
I'll read it again, but I didn't see anything about ONLY Skey and public/private key authentication. I can get Skey working but it seems to only work if I enable password authentication. I only want someone to use Skey or their certificate. Skey is used in case they don't have their certificate. Public/Private would be for everything else. |
|
| Back to top |
|
|
davidblewett
Apprentice
Joined: 15 Feb 2004
Posts: 274
Location: Indiana
|
| Posted: Fri Jun 04, 2004 9:33 pm Post subject: |
|
|
Near the end of the discussion, it was found out that in order to disable regular password checking you must emerge OpenSSH *without* the PAM USE flag. Otherwise, it will include the regular password check. You then would need this flag in the sshd_config: | Code: | | ChallengeResponseAuthentication yes |
I'm not sure how | Code: | | PasswordAuthentication yes |
fits in. When I looked through the man pages, it appears that skey is a supported ChallengeResponseAuthentication method so it should work... I haven't tested this.
_________________
No guilt in life, no fear in death
this is the power of Christ in me
From lifes first cry to final breath
Jesus commands my destiny
-- Newsboys, "In Christ Alone", "Adoration: The Worship Album" |
|
| Back to top |
|
|
maniacdavid
n00b
Joined: 03 May 2003
Posts: 29
|
| Posted: Sat Jun 05, 2004 3:25 am Post subject: |
|
|
| davidblewett wrote: | Near the end of the discussion, it was found out that in order to disable regular password checking you must emerge OpenSSH *without* the PAM USE flag. Otherwise, it will include the regular password check. You then would need this flag in the sshd_config: | Code: | | ChallengeResponseAuthentication yes |
I'm not sure how | Code: | | PasswordAuthentication yes |
fits in. When I looked through the man pages, it appears that skey is a supported ChallengeResponseAuthentication method so it should work... I haven't tested this. |
Got it. Sorry missed that last page on that discussion because I thought I had read it. I think that's dumb though that you have to install it without PAM. |
|
| Back to top |
|
|
|
Networking & Security
