|
![](/i/fill.gif) |
>>>> In seriousness, manpages are, by definition, *reference*
>>>> documentation. What the standard Unix system lacks entirely is any
>>>> kind of *explanation*.
>>>
>>> Depends on the manpage.
>>
>> No, pretty much all of them list the command options, and that's it.
>
> So I'm lying, then, is that it?
OK, let me put it this way: I've never seen any manpage which is
anything more than a terse summary of command switches with an
incomplete description of what they do. The most in-depth manpage I've
seen is for Bash, which is still only a reference document, not an
introductory tutorial.
It seems to be that the /purpose/ of a manpage is to be a reference
document. Which is what you want when you're trying to remember the name
of the command switch that turns on the feature you want. But it's
useless when you're trying to figure out how to use a tool you've never
used before...
Then again, sometimes the manpage just says "use info". And then you had
/another/ problem...
>>> PasswordAuthentication
>>> Specifies whether password authentication is allowed.
>>> The default is “yes”.
>>>
>>> Seems pretty straightforward to me.
>>
>> Does that disable CHAP as well? Or only plain password authentication?
>> (If I'm remembering this right, CHAP is basically password
>> authentication, but with a slightly more secure wire protocol.)
>
> It doesn't say anything about CHAP. I'm pretty sure it also doesn't
> change the password encryption method from AES to Triple-DES as well.
> It's not likely to document everything it *doesn't* do, just what it
> *does* do.
So even with this line, people can *still* authenticate by password.
Hence my original statement that it's difficult to turn off all the ways
that users can get in with a password.
>> I thought the host key is how the server identifies itself to you, not
>> how you identify yourself to the server?
>
> Host keys aren't very commonly used AFAIK.
All three of the SFTP systems we use commercially have them.
>> At any rate, it's news to me that you can create a ~/.ssh folder and
>> sshd will actually take note of this. I don't recall the manpage
>> mentioning this at all.
>
> It's always been that way. The cited bit above is from the man page and
> says pretty explicitly that the user's keys are in ~/.ssh
OK. So now I'm wondering how come I never saw this information anywhere...
Post a reply to this message
|
![](/i/fill.gif) |