Rust710 n00b
Joined: 11 Sep 2005 Posts: 17
Posted: Tue Dec 13, 2005 7:13 pm Post subject: SSH authentication

I have sshd working fine with both password and public key authentication. Is it possible to disable password authentication for all IP addresses except localhost?

Zeos n00b
Joined: 26 Oct 2003 Posts: 13
Posted: Tue Dec 13, 2005 7:18 pm Post subject:

Set "PasswordAuthentication no" in /etc/ssh/sshd_config to disable passwords altogether ... just curious, why would you want to log in via ssh from localhost?

Rust710 n00b
Joined: 11 Sep 2005 Posts: 17
Posted: Tue Dec 13, 2005 7:35 pm Post subject:

NX authenticates the user through ssh from localhost, so that doesn't help. I need it to allow password authentication from localhost.

Zeos n00b
Joined: 26 Oct 2003 Posts: 13
Posted: Tue Dec 13, 2005 10:24 pm Post subject:

Ahh, I see ... had me scratching my head there.
How about having a separate ssh process listen on lo?
Start your current sshd as you do now (password logins disabled) and bind it to your external IP (ListenAddress). Then create a second config file, allowing passwords and listening on port 22 on 127.0.0.1 (ListenAddress), start the second instance with "/usr/sbin/sshd -f /etc/ssh/sshd_config_localhost"

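The two-instance layout Zeos describes above fails open if the localhost config omits `ListenAddress`, because sshd then binds every address with passwords still enabled. The check below is an added example, not code from the thread; the address 192.0.2.10, the PidFile path, the sample file contents and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; all sample configs below are constructed.
# audit_sshd_config FILE prints "ok" or "exposed" and returns 0 or 1.
# "exposed" = passwords allowed while a non-loopback address is bound.
# Assumes whitespace-separated "Keyword value" lines; anything it cannot
# parse falls back to sshd defaults, so it errs towards "exposed".
audit_sshd_config() {
    awk '
        function is_loopback(a) {
            return a ~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?|::1|\[::1\](:[0-9]+)?)$/
        }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        { key = tolower($1) }                # keywords are case-insensitive
        key == "match" { exit }              # audit the global section only
        key == "passwordauthentication" && !seen_pw {
            pw = tolower($2); seen_pw = 1    # first value for a keyword wins
        }
        key == "listenaddress" { n++; if (!is_loopback($2)) wide = 1 }
        END {
            if (!seen_pw) pw = "yes"         # sshd default: passwords allowed
            if (n == 0) wide = 1             # sshd default: all addresses
            if (pw == "yes" && wide) { print "exposed"; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Write the two instance configs plus a broken variant into directory $1.
write_samples() {
    printf '%s\n' 'ListenAddress 192.0.2.10' 'PasswordAuthentication no' \
        'PubkeyAuthentication yes' > "$1/sshd_config"
    printf '%s\n' 'ListenAddress 127.0.0.1:22' 'PasswordAuthentication yes' \
        'PidFile /var/run/sshd_localhost.pid' > "$1/sshd_config_localhost"
    # Same intent, but ListenAddress forgotten: binds every address.
    printf '%s\n' '# localhost only' 'PasswordAuthentication yes' \
        > "$1/sshd_config_broken"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in sshd_config sshd_config_localhost sshd_config_broken; do
    printf '%-24s %s\n' "$f" "$(audit_sshd_config "$dir/$f" || true)"
done
rm -rf "$dir"
```

With `UsePAM yes`, keyboard-interactive authentication (`ChallengeResponseAuthentication`) can still ask for a password, which this check does not examine; set it to `no` in the external instance's config as well.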
adsmith Veteran
Joined: 26 Sep 2004 Posts: 1386 Location: NC, USA
Posted: Tue Dec 13, 2005 10:50 pm Post subject:

Used host-based authentication for localhost (or all machines on the LAN).
Documentation on host-based auth is reasonably abundant.

outspoken Guru
Joined: 14 Feb 2004 Posts: 464 Location: orlando, fl
Posted: Tue Dec 13, 2005 11:05 pm Post subject: Re: SSH authentication

Rust710 wrote: I have sshd working fine with both password and public key authentication. Is it possible to disable password authentication for all IP addresses except localhost?
What version of sshd are you using?

Rust710 n00b
Joined: 11 Sep 2005 Posts: 17
Posted: Wed Dec 14, 2005 12:04 am Post subject: Re: SSH authentication

outspoken wrote: What version of sshd are you using?
OpenSSH_4.2p1, OpenSSL 0.9.7e 25 Oct 2004

Rust710 n00b
Joined: 11 Sep 2005 Posts: 17
Posted: Wed Dec 14, 2005 12:55 am Post subject:

I got Hostbased Authentication to work, but the only way I got it to work is by adding:
Code:
HostbasedAuthentication yes
EnableSSHKeysign yes
to /etc/ssh/ssh_config. NX is either not listening to it, or doesn't have an ssh-keysign that's needed for hostbased authentication. Anywhere else I should look?