[CentOS] Disabling Password authenitication with SSH

Theo Band theo.band at xanadu-wireless.com
Thu Feb 8 15:55:08 UTC 2007


Ski Dawg wrote:
> Hello everyone,
>
> We are setting up a server at work, and we have run into something that
> I am not sure how to resolve.
>
> We have set up sshd (OpenSSH server) on the machine. We have placed ssh
> keys into each user's home directory that needs to access the system
> (and they work). We want to disable everyone from logging in, using a
> password, utilizing ssh keys only to access the system.
>
> I have modified /etc/ssh/sshd_conf to have these settings:
>     ChallengeResponseAuthentication no
>     PasswordAuthentication no
>     UsePAM no
>
> I then restarted the ssh daemon (/etc/init.d/sshd restart), but it still
> allows the user to login using their password. What am I missing?
>
> Searching google, only turned up the changes that I made above, so I am
> unclear what else that I need to do. Any guidance would be greatly
> appreciated. 
> --
> Doug
>   
I would advice these changes to the "default" sshd_config settings:

PermitRootLogin without-password
AuthorizedKeysFile    /just_a_dir/authorized_keys/%u
PasswordAuthentication no
UsePAM yes

This will give you control of access if at least the 
/just_a_dir/authorized_keys folder is not writeable for the world (the 
keys need to  readable, not writeable for the user that tries to log on)

Theo







More information about the CentOS mailing list