>>> Seems pretty straightforward to me.
>>
>> Does that disable CHAP as well? Or only plain password authentication?
>> (If I'm remembering this right, CHAP is basically password
>> authentication, but with a slightly more secure wire protocol.)
>>
>
> Indeed, for ssh, PasswordAuthentication is never going to CHAP.
> PasswordAuthentication of ssh needs the lower layer to have already
> negotiated an encryption and a mac/checksum.
> (it is forbidden to use password authentication over a clear connection)
>
> Myself, I prefer signature authentication, with ~/.ssh/authorized_keys.
> My password/passphrase locally unlocks the private key, and the public
> key is in the remote host(s) user directory.

Yeah, that's basically my point. It took me *forever* to figure out how
to make it so that public key is the /only/ enabled protocol, so that if
you don't have a copy of my private key, there is NO WAY IN HELL that
you can log in to my box.
Seems like a simple thing to want to do, but I tested it several times
and it was still letting me log in with a weak-arse password instead of
demanding a key.

> In fact, the FILES section of the man page for sshd is long... very long.

As is the configuration file, IIRC...
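An added example, not code from this thread: a small audit of an sshd_config that lists which password-based logins would still be accepted. It covers the usual cause of the symptom described above, where `PasswordAuthentication no` is set but keyboard-interactive (typically backed by PAM with the same account password) is left on. The function names and sample configs are constructed for illustration; upstream OpenSSH defaults are assumed, and `Include` files and `Match` blocks are not evaluated.

```python
import re

# Upstream OpenSSH defaults (assumption: distro packages may ship others).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "authenticationmethods": "any"}
# Deprecated alias for KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Authentication methods that rest on a password, and the keyword enabling each.
PW = {"password": "passwordauthentication",
      "keyboard-interactive": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global-section values; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":            # Match blocks need a separate review
            break
        seen.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    return {**DEFAULTS, **{k: v for k, v in seen.items() if k in DEFAULTS}}

def password_only_paths(config_text):
    """Method chains that let a login succeed without any key."""
    s = effective_settings(config_text)
    methods = s["authenticationmethods"]
    # "any": every enabled method is sufficient on its own. Otherwise each
    # space-separated entry is an alternative chain of comma-joined methods.
    chains = [[m] for m in PW] if methods == "any" else [c.split(",") for c in methods.split()]
    paths = []
    for chain in chains:
        names = [m.split(":")[0] for m in chain]   # drop ":pam"-style submethod
        if all(n in PW and s[PW[n]] == "yes" for n in names):
            paths.append(",".join(names))
    return paths

# Constructed samples: WEAK looks key-only but leaves keyboard-interactive on.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication no\nUsePAM yes\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nAuthenticationMethods publickey\n")

if __name__ == "__main__":
    print("weak:", password_only_paths(WEAK))          # keyboard-interactive remains
    print("hardened:", password_only_paths(HARDENED))  # nothing remains
```

On a live host, `sshd -T` prints the effective configuration, which can be fed to the same check instead of the raw file.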