limiting authentication mechanisms [was: Re: Restrict extranet connection to a group]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Oct 1 07:11:32 EST 2012
On 09/29/2012 05:25 PM, Peter Stuge wrote:
> I don't allow password or challenge+response (kbdint).
fwiw, ChallengeResponseAuthentication is actually a different setting
from KbdInteractiveAuthentication.
I usually do:
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
To limit authentication to saner mechanisms like pubkey or GSSAPI (when
patched in).
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20120930/c5018e9b/attachment.bin>
More information about the openssh-unix-dev
mailing list