On Fri, Nov 23, 2007 at 09:21:24AM +0800, Quan Qiu wrote:
> On Nov 22, 2007 1:01 AM, Vivek Khera <[EMAIL PROTECTED]> wrote:
> >
> > On Nov 21, 2007, at 12:45 AM, Quan Qiu wrote:
> >
> > >
> > > "ChallengeResponseAuthentication no" is also required to avoid sshd
> > > accepting keyboard-interactive/pam.

This affects all users, and not just root. This is probably not what
you want.

> Using the following settings in sshd_config:
>
> PermitRootLogin without-password
> PasswordAuthentication no
> UseDNS no
> Subsystem sftp /usr/libexec/sftp-server
>
> PuTTY'ing to the box produces:
>
> Using username "root".
> Using keyboard-interactive authentication.
> Password:

And have you tried actually attempting to log in with root's password
that way? I'm betting it doesn't work.

Here's proof from our RELENG_6 box, where I'm attempting to log in as
root on it:

eos$ whoami
jdc
eos$ ssh [EMAIL PROTECTED]
The authenticity of host 'anubis.sc1.private.lan (10.72.0.125)' can't be established.
DSA key fingerprint is ...
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'anubis.sc1.private.lan' (DSA) to the list of known hosts.
Password:
Password:
Password:

And the sshd_config from anubis is all default values, except for
"PermitRootLogin without-password".

-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |
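
Added example, not part of the original message or of OpenSSH: a simplified model of the options discussed in this thread, showing which password-style methods sshd would prompt for and which could actually succeed for root versus an ordinary user. The defaults table, the function names and the rule that keyboard-interactive is backed only by PAM are assumptions; check a real host with `sshd -T`.

```python
# Added example; not from the thread. Simplified model of sshd's global options.
# ASSUMED_DEFAULTS are assumptions (FreeBSD-style build); compare with `sshd -T`.
ASSUMED_DEFAULTS = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "challengeresponseauthentication": "yes",
    "usepam": "yes",
}
ROOT_NO_PASSWORD = {"without-password", "prohibit-password", "forced-commands-only"}


def parse_global(text):
    """Return the global keywords; sshd keeps the first value seen for each."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if parts[0].lower() == "match":   # per-user overrides are out of scope
            break
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().strip('"').lower())
    return opts


def password_paths(text, user, defaults=ASSUMED_DEFAULTS):
    """Which password-style methods sshd prompts for, and which can succeed."""
    cfg = {**defaults, **parse_global(text)}
    prompted = []
    if cfg["passwordauthentication"] == "yes":
        prompted.append("password")
    # Assumption: keyboard-interactive is only backed by PAM on this build.
    if cfg["challengeresponseauthentication"] == "yes" and cfg["usepam"] == "yes":
        prompted.append("keyboard-interactive")
    root_mode = cfg["permitrootlogin"]
    if user == "root" and (root_mode == "no" or root_mode in ROOT_NO_PASSWORD):
        usable = []            # prompt may still appear, but the answer is rejected
    else:
        usable = list(prompted)
    return {"prompted": prompted, "usable": usable}


# Constructed inputs taken from the settings quoted in the thread.
JEREMY = "PermitRootLogin without-password\n"   # "all default values" otherwise
QUAN = ("PermitRootLogin without-password\nPasswordAuthentication no\n"
        "UseDNS no\nSubsystem sftp /usr/libexec/sftp-server\n")
```

With the thread's settings, root sees a keyboard-interactive prompt that cannot succeed, while appending "ChallengeResponseAuthentication no" removes the prompt for every user, not only root.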