Disallowing password authentication on socket
- From: Olav Vitters <olav bkor dhs org>
- To: gnome-infrastructure gnome org, gnome-sysadmin gnome org
- Subject: Disallowing password authentication on socket
- Date: Wed, 13 Aug 2008 12:01:50 +0200
Thanks to a new enough ssh on socket, it was possible to disable
password authentication for all users except sysadmins for the socket
machine.
For reference this is done using (/etc/ssh/sshd_config):
PasswordAuthentication no
Match Group admin
PasswordAuthentication yes
Note: the admin group is defined using /etc/group, not LDAP. So
sysadmins can still login even if LDAP is down.
--
Regards,
Olav
[
Date Prev][Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
