1 |
Hello. |
2 |
I'm trying to have my sshd use only key-based auth while still taking |
3 |
advantages of the PAM modules. |
4 |
My sshd_config is config quite right but pam modules overwrite some of |
5 |
those settings that deny password login. How should I modify this file |
6 |
|
7 |
neuro root # cat /etc/pam.d/sshd |
8 |
|
9 |
auth required pam_unix.so nullok |
10 |
auth required pam_shells.so |
11 |
auth required pam_nologin.so |
12 |
auth required pam_env.so |
13 |
account required pam_unix.so |
14 |
password required pam_cracklib.so difok=3 retry=3 minlen=8 \ |
15 |
dcredit=2 ocredit=2 use_authtok |
16 |
password required pam_unix.so shadow md5 |
17 |
session required pam_unix.so |
18 |
session required pam_limits.so |
19 |
|
20 |
I've shamelessy copied this from the gentoo security guide and, as it |
21 |
was my understanding, it was supposed to deny password logins. Well it |
22 |
doesn't. When I disable PAM in /etc/ssh/sshd_config, passwords are |
23 |
disabled but as I said before I want to use PAM. |
24 |
Some recommended reading on PAM would be nice, too :). |
25 |
|
26 |
-- |
27 |
|
28 |
Adi |
29 |
|
30 |
-- |
31 |
gentoo-security@g.o mailing list |