1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Molavi, Dariush wrote: |
5 |
| I've noticed this on my box, as well... |
6 |
| |
7 |
| Is it just an sshd.conf entry to disable password interactive logins? |
8 |
| |
9 |
| Thanks, |
10 |
| DM |
11 |
|
12 |
Yes it is. You will need to edit /etc/ssh/sshd_config |
13 |
|
14 |
Add/change the following: |
15 |
PasswordAuthentication no |
16 |
|
17 |
(recommended but optional) |
18 |
Protocol 2 |
19 |
PermitRootLogin no |
20 |
PermitEmptyPasswords no (if not using keys) |
21 |
AllowTcpForwarding no |
22 |
X11Forwarding no |
23 |
|
24 |
Remember that this will disabled all keyboard logins. This means you |
25 |
will need to make a key (man ssh-keygen) and then copy id_rsa.pub to |
26 |
~/.ssh/authorized_keys BEFORE you logout. I like to use ssh-agent to |
27 |
keep my passphrase. Another hint is to NFS mount /home so all your |
28 |
users have keys on all boxes they have accounts. |
29 |
|
30 |
- -- |
31 |
Greg Watson |
32 |
http://www.linuxlogin.com |
33 |
GnuPG Key: http://www.linuxlogin.com/gpg_key.pub |
34 |
-----BEGIN PGP SIGNATURE----- |
35 |
Version: GnuPG v1.2.4 (GNU/Linux) |
36 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
37 |
|
38 |
iD8DBQFBBpcn0stmTYtmfxsRAum/AKCKWyroq4e9DaxEkxcTl5NTd7asSgCfeBlG |
39 |
eGMELfKLJaRaGQmJ7ksP+iE= |
40 |
=2Xm4 |
41 |
-----END PGP SIGNATURE----- |
42 |
|
43 |
-- |
44 |
gentoo-security@g.o mailing list |