I have this in /etc/ssh/sshd_config:

    PasswordAuthentication no

And yet, sshd ignores this and allows password authentication, because UsePAM is set to "yes" down at the bottom of the file. This seems like a bad sort of default behaviour. I would recommend that a note be added somewhere prominent that indicates this to folks who are familiar with ssh but not with the impact of that PAM statement...

Maybe this isn't a big concern, but it confused me for a while, and I've been using sshd on other platforms for years. It seems to violate the principle of least surprise, and it's a security issue...

On a related note, it seems that the sshd_config man page differs from the distributed config file. The man page says that the default for UsePAM is "no".

--
Mason Loring Bliss [EMAIL PROTECTED] Ewige Blumenkraft!
awake ? sleep : random() & 2 ? dream : sleep; -- Hamlet, Act III, Scene I
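The interaction reported above, as an added example that is not part of the original message or of OpenSSH: a small Python audit that reads an sshd_config and reports whether a password login is still reachable. It assumes upstream OpenSSH defaults and that the PAM route is keyboard-interactive authentication (KbdInteractiveAuthentication, formerly ChallengeResponseAuthentication), which the message does not name; the sample configs and function names are constructed for illustration.

```python
# Added example. Defaults below are upstream OpenSSH's (assumption:
# a distribution's packaged sshd may be built with different ones).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "usepam": "no"}
# Older spelling of the same keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample mirroring the post: the override sits at the bottom.
SURPRISING = """\
# constructed sample
PasswordAuthentication no
X11Forwarding no
UsePAM yes
"""

# Constructed sample with the PAM keyboard-interactive path closed as well.
HARDENED = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
"""

def effective_globals(text):
    """Global settings; sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "match":      # conditional blocks are out of scope here
            break
        key = ALIASES.get(key, key)
        seen.setdefault(key, parts[1].strip('"').lower())
    return {**DEFAULTS, **seen}

def audit(text):
    """Report which routes still let a client log in with a password."""
    cfg = effective_globals(text)
    direct = cfg["passwordauthentication"] == "yes"
    via_pam = cfg["usepam"] == "yes" and cfg["kbdinteractiveauthentication"] == "yes"
    return {"password": direct, "keyboard_interactive_pam": via_pam,
            "password_login_possible": direct or via_pam}
```

On a live host, sshd -T prints the effective configuration, including compiled-in defaults, and is the authoritative check.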