Ski Dawg wrote: > Hello everyone, > > We are setting up a server at work, and we have run into something that > I am not sure how to resolve. > > We have set up sshd (OpenSSH server) on the machine. We have placed ssh > keys into each user's home directory that needs to access the system > (and they work). We want to disable everyone from logging in, using a > password, utilizing ssh keys only to access the system. > > I have modified /etc/ssh/sshd_conf to have these settings: > ChallengeResponseAuthentication no > PasswordAuthentication no > UsePAM no > > I then restarted the ssh daemon (/etc/init.d/sshd restart), but it still > allows the user to login using their password. What am I missing? > > Searching google, only turned up the changes that I made above, so I am > unclear what else that I need to do. Any guidance would be greatly > appreciated. > -- > Doug > I would advice these changes to the "default" sshd_config settings: PermitRootLogin without-password AuthorizedKeysFile /just_a_dir/authorized_keys/%u PasswordAuthentication no UsePAM yes This will give you control of access if at least the /just_a_dir/authorized_keys folder is not writeable for the world (the keys need to readable, not writeable for the user that tries to log on) Theo