PermitRootLogin without-password functionality differs for UsePAM yes/no option

Darren Tucker dtucker at zip.com.au
Fri Jan 21 00:42:04 EST 2005


Michael Stone wrote:
> On Thu, Jan 20, 2005 at 08:43:53PM +1100, you wrote:
>> You can prevent this by setting "PasswordAuthentication yes" and 
>> "ChallengeResponseAuthentication no" in sshd_config.
> 
> But that completely changes the authentication for all users. Let's try
> putting this a different way: it would be nifty if there were a way to
> allow root logins only with a key (which is what people thought they
> were getting when they set without-password) which is short of
> forced-command only.

There is.  It's in bug #971, already in the development tree and was 
described in the part of the message you snipped.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list