Great, now I know how to prevent password authentication.

But one thing remains strange. I have a user entry without a password, but there is a principal for it in Kerberos. I re-enabled password authentication, but the Kerberos* sshd options remain "no", and he is still able to log in. I believed that since "KerberosAuthentication no" is set, he should not be able to log in.

What am I doing wrong?

Thanks in advance.

On 3/12/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
Gustavo Rios wrote:
> How can I prevent a session from being opened without a ticket?
> I do not want password-based authentication.
>
> Is it possible?
>

of course it is. you can disable password-based logins if you like, see
/etc/ssh/sshd_config.

get a simple setup working, use google and please, RTFM.

cheers,
jake

> On 3/12/07, Ryan Corder <[EMAIL PROTECTED]> wrote:
>> On Mon, 2007-03-12 at 15:11 -0300, Gustavo Rios wrote:
>> > But when I try to log on to the same server by means of its IP
>> > address, I am requested to provide a password, like in:
>> >
>> > $ ssh -l grios 10.0.0.1
>> > [EMAIL PROTECTED]'s password:
>> > Last login: Mon Mar 12 15:04:19 2007 from 10.0.0.250
>> > Could not chdir to home directory /home/grios: No such file or directory
>> > $
>>
>> Kerberos is fairly dependent on two things: name resolution and time
>> synchronization. In the case of names, you probably have a
>> host/my.server.com principal in your Kerberos realm, but there isn't one
>> for host/1.2.3.4, thus Kerberos won't work since SSH is trying to
>> request a ticket for a hostname that doesn't exist in the realm.
>>
>> > GSSAPIAuthentication yes
>> > KerberosAuthentication no
>> > KerberosGetAFSToken no
>> > KerberosOrLocalPasswd no
>> > KerberosTicketCleanup yes
>>
>> ChallengeResponseAuthentication, HostbasedAuthentication,
>> PasswordAuthentication, and PubkeyAuthentication can all be set to 'no'
>> to turn them off. However, I would suggest that you leave at least one
>> alternative authentication method on in case your Kerberos ever gets
>> hosed or the time on your machine(s) gets out of sync.
>>
>> later.
>> ryanc
>>
>> --
>> Ryan Corder <[EMAIL PROTECTED]>
>> Systems Engineer, NovaSys Health LLC.
>> 501-219-4444 ext. 646
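
The following is an added example, not part of the original thread: a small audit of which sshd authentication switches are still on besides ticket-based login. In sshd_config(5), GSSAPIAuthentication controls ticket-based (GSSAPI) login, while KerberosAuthentication only controls whether a typed password is validated against the KDC. The default values and the sample configurations are assumptions constructed from the options quoted above; check the defaults against sshd_config(5) for your OpenSSH version.

```python
# Added example: report sshd authentication methods left enabled.
# DEFAULTS are assumed stock OpenSSH defaults, not values from the thread.
DEFAULTS = {
    "gssapiauthentication": "no",
    "kerberosauthentication": "no",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "hostbasedauthentication": "no",
    "challengeresponseauthentication": "yes",
}

# Constructed sample: the options quoted in the thread, with password
# authentication re-enabled as described in the latest message.
SAMPLE = """\
GSSAPIAuthentication yes
KerberosAuthentication no
KerberosGetAFSToken no
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
PasswordAuthentication yes
"""

# Constructed sample: ticket-only setup. sshd keeps the first value it
# reads for a keyword, so these lines override the later "yes" in SAMPLE.
TICKET_ONLY = ("ChallengeResponseAuthentication no\n"
               "PasswordAuthentication no\n"
               "PubkeyAuthentication no\n" + SAMPLE)

def effective_auth(config_text):
    """Return the effective yes/no value of each switch (global section only)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # Match blocks are not evaluated here
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return {**DEFAULTS, **seen}

def non_ticket_methods(config_text):
    """List enabled switches other than GSSAPI (ticket) authentication."""
    eff = effective_auth(config_text)
    return sorted(k for k, v in eff.items()
                  if v == "yes" and k != "gssapiauthentication")

if __name__ == "__main__":
    print("thread config :", non_ticket_methods(SAMPLE))
    print("ticket only   :", non_ticket_methods(TICKET_ONLY))
```

On a live host, `sshd -T` prints the effective configuration including Match handling, which this sketch does not evaluate.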