----- Original Message -----
From: "Michael Schultz" m.schultz@srz.de To: centos@centos.org Sent: Thursday, October 10, 2013 6:44:36 AM Subject: [CentOS] SSH login from user with empty password
Hello list,
on a CentOS 6.4 machine I'm creating accounts with empty passwords. Each user's public key is located in <user's home>/.ssh/authorized_keys.
When trying to ssh into that machine, following error message is displayed: Permission denied (publickey).
In /etc/ssh/sshd_config I've set: PasswordAuthentication no UsePAM no
If I set a password for the users, the public key auth works without any problems.
Could anyone tell me what I'm missing here?
Thanks Michael
SSH by default will use a key pair if found but then drops back to login password. It will also fall back to password if the keypair has a passphrase and you just hit retrun without type it in. SSH won't allow you to connect because the password in the shadow file is blank. Basically if you don't have a password it should not allow you to login regardless. From a security standpoint it makes sense to never allow blank passwords. Just give the account a long 25 character random password and then setup SSH key pairs.
David.