|
![](/i/fill.gif) |
Le 14/09/2011 10:42, Invisible a écrit :
>> PasswordAuthentication
>> Specifies whether password authentication is allowed. The
>> default is “yes”.
>>
>> Seems pretty straightforward to me.
>
> Does that disable CHAP as well? Or only plain password authentication?
> (If I'm remembering this right, CHAP is basically password
> authentication, but with a slightly more secure wire protocol.)
>
Indeed, for ssh, PasswordAuthentication is never going to CHAP.
PasswordAuthentication of ssh need that the lower layer negociated
already an encryption and a mac/checksum.
(it is forbidden to use password authentication over a clear connection)
Myself, I prefer signature authentication, with ~/.ssh/authorized_keys .
My password/passphrase locally unlock the private key, and the public
key is in the remote host(s) user directory.
>
> I thought the host key is how the server identifies itself to you, not
> how you identify yourself to the server?
Correct.
>
> At any rate, it's news to me that you can create a ~/.ssh folder and
> sshd will actually take note of this. I don't recall the manpage
> mentioning this at all.
~/.ssh/authorized_keys !!
(name can be configured with AuthorizedKeysFile )
May be you have a different man page for sshd.
Mine talk about ~/.ssh/rc, ~/.ssh/environment, and more...
including ~/.ssh/known_hosts
In fact, the FILES section of the man page for sshd is long... very long.
--
Software is like dirt - it costs time and money to change it and move it
around.<br/><br/>
Just because you can't see it, it doesn't weigh anything,
and you can't drill a hole in it and stick a rivet into it doesn't mean
it's free.
Post a reply to this message
|
![](/i/fill.gif) |