Removing password access to SSH server on Linux Mandriva 2008 and Mac OS 10.6 .2

1/12/10

Really, the issue is to move this to where no passwords are used and only key authentication (with passphrase) is used.
But I need to understand more, first...

ssh on AXP allows password login with PAM off. ssh on OSX does not. Why?

Here are the relevant parameters being played with in the sshd_config file. There are very few where AXP does not accept the defaulted value commented in the ssh_config file.

Protocol 2
Hostkey /etc/ssh/ssh~ (only because AXP puts these files in a subdirectory. OSX does not, so the default location is fine.)
PermitRoot no
Passwords yes
PermitEmpty no
ChallegeResponse yes (default)
UsePAM no
UsePrivSeparation (irrelevant, I think this just tightens requirements for file permissions and runs less of sshd at the root level)

When bringing up a tunnelier ssh client, for both AXP and OSX, the passphrase method fails. This needs to be looked into. It's where I want to go, eventually.
Then tunnelier falls to password. AXP accepts a password. OSX does not.
In order for OSX to accept the password, I find I have to "usePAM yes". With usePAM set to no, the tunnelier falls to interative-keyboard and gets stuck in a loop asking for a Submethod that I don't know how to specify or what to choose.



Created by brian. Last Modification: Friday 12 of February, 2010 09:30:38 CST by brian.