| 1 |
Hello. |
| 2 |
I'm trying to have my sshd use only key-based auth while still taking |
| 3 |
advantages of the PAM modules. |
| 4 |
My sshd_config is config quite right but pam modules overwrite some of |
| 5 |
those settings that deny password login. How should I modify this file |
| 6 |
|
| 7 |
neuro root # cat /etc/pam.d/sshd |
| 8 |
|
| 9 |
auth required pam_unix.so nullok |
| 10 |
auth required pam_shells.so |
| 11 |
auth required pam_nologin.so |
| 12 |
auth required pam_env.so |
| 13 |
account required pam_unix.so |
| 14 |
password required pam_cracklib.so difok=3 retry=3 minlen=8 \ |
| 15 |
dcredit=2 ocredit=2 use_authtok |
| 16 |
password required pam_unix.so shadow md5 |
| 17 |
session required pam_unix.so |
| 18 |
session required pam_limits.so |
| 19 |
|
| 20 |
I've shamelessy copied this from the gentoo security guide and, as it |
| 21 |
was my understanding, it was supposed to deny password logins. Well it |
| 22 |
doesn't. When I disable PAM in /etc/ssh/sshd_config, passwords are |
| 23 |
disabled but as I said before I want to use PAM. |
| 24 |
Some recommended reading on PAM would be nice, too :). |
| 25 |
|
| 26 |
-- |
| 27 |
|
| 28 |
Adi |
| 29 |
|
| 30 |
-- |
| 31 |
gentoo-security@g.o mailing list |
Archives