bob at proulx.com
Sat Apr 5 03:41:14 EST 2008
Peter Stuge wrote:
> Bob Proulx wrote:
> > When faced with a similar problem I ran an additional and separate
> > sshd and supplemented the configuration with command line arguments.
> > In this case IIRC -oPasswordAuthentication=no -Port=2222
> > -oPidFile=/var/run/sshd-noppass.pid
> Unfortunately the user will still be authenticated by password on
> port 22.

You missed reading (and subsequently trimmed out) the fact that there
were firewall rules involved. Just because I am a pedant here is what

> -oPidFile=/var/run/sshd-noppass.pid and installed a control script
> /etc/init.d/sshd.nopass and then adjusted firewall rules accordingly.

I don't know for what purpose the original poster is wanting to use
specialized configuration to turn off passwords but in my case I was
able to use firewall rules to ensure that only that specially
configured port was accessed from an untrusted network. I was able to
block the normal port and therefore able to block password access. I
kept password access available from the internal private (and much
more trusted) network.
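
The setup described in this message, as an added example that is not part of the original post: a POSIX shell script that prints the second sshd command line and the matching firewall rules for review. The interface name eth0, the use of iptables, the sshd path, the -p port flag and the extra ChallengeResponseAuthentication=no option are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): print the commands for a second,
# key-only sshd and for closing the password port on the untrusted side.
# Assumed: iptables firewall, interface eth0, sshd in /usr/sbin.
UNTRUSTED_IF="${UNTRUSTED_IF:-eth0}"
NOPASS_PORT="${NOPASS_PORT:-2222}"      # port of the key-only daemon
PASSWORD_PORT="${PASSWORD_PORT:-22}"    # port of the normal daemon
PIDFILE="${PIDFILE:-/var/run/sshd-noppass.pid}"   # name as given in the post

# Command line for the second daemon. -p is sshd's port flag.
# ChallengeResponseAuthentication=no is an addition to the post: on PAM
# systems keyboard-interactive can still prompt for a password.
sshd_nopass_cmd() {
    printf '%s\n' "/usr/sbin/sshd -p $NOPASS_PORT -o PasswordAuthentication=no -o ChallengeResponseAuthentication=no -o PidFile=$PIDFILE"
}

# Untrusted interface: allow the key-only port, drop the password port.
# Traffic arriving on other interfaces is not matched by these rules.
firewall_rules() {
    printf '%s\n' \
        "iptables -A INPUT -i $UNTRUSTED_IF -p tcp --dport $NOPASS_PORT -j ACCEPT" \
        "iptables -A INPUT -i $UNTRUSTED_IF -p tcp --dport $PASSWORD_PORT -j DROP"
}

# Reject a plan whose ACCEPT rule would also open the password port.
check_plan() {
    case "$NOPASS_PORT$PASSWORD_PORT" in
        *[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
    esac
    if [ "$NOPASS_PORT" = "$PASSWORD_PORT" ]; then
        echo "key-only port must differ from the password port" >&2
        return 1
    fi
}

# Print the whole plan for review; nothing is executed here.
print_plan() {
    check_plan || return 1
    sshd_nopass_cmd
    firewall_rules
}

print_plan
```
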