Re: Preventing Auto-Login

On Tue, 15 Jul 2008 08:53:18 -0700, c wrote:
> Folks,
>
> We have some devious developers that use ssh between two Solaris
> servers.
>
> They run ssh-keygen -t rsa etc etc and set up their auto login between
> the two servers.
>
> Is there a setting in /etc/ssh/sshd_config that I can change to ALWAYS
> ask for a password and prevent ssh from using public/private key
> authentication ?
>
> We'd ideally like to be able to rotate the passwords after the
> developers leave and not leave this potential for a back door into our
> systems. Disabling ssh is not an option as we ( root users ) use it all
> the time..
For OpenSSH I believe that one can add an entry to the
sshd_config file to control this.
Are you positive that you want to do this though? Password
authentication is far less secure than public key authentication, and
when your developers leave you can remove from your system the public
public key they used in order to log in passwordless.
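
An added example, not part of the original thread: a shell sketch that reports whether public key authentication is enabled in an sshd_config and lists every key that grants password-less login, so a departing developer's entries can be found and removed. The function names are hypothetical; `PubkeyAuthentication` is OpenSSH's keyword for this setting (default `yes`).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# pubkey_auth_setting SSHD_CONFIG
#   Prints the global PubkeyAuthentication value. sshd uses the first value it
#   reads, and the OpenSSH default is "yes". Parsing stops at the first Match
#   block; the "Keyword=value" spelling is not handled.
pubkey_auth_setting() {
    awk 'tolower($1) == "pubkeyauthentication" { print tolower($2); found = 1; exit }
         tolower($1) == "match" { exit }
         END { if (!found) print "yes" }' "$1"
}

# list_authorized_keys PASSWD_FILE [ROOT_PREFIX]
#   For every account in a passwd-format file, prints one line per key:
#   user<TAB>file<TAB>keytype<TAB>comment
#   ROOT_PREFIX is prepended to each home directory (empty on a live system).
list_authorized_keys() {
    passwd_file=$1
    root=${2:-}
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$home" ] || continue
        for f in "$root$home/.ssh/authorized_keys" \
                 "$root$home/.ssh/authorized_keys2"; do
            [ -f "$f" ] || continue
            # Skip blank and comment lines. Options such as from="..." may
            # precede the key type, so scan for the first key-type field.
            awk -v u="$user" -v f="$f" '
                /^[ \t]*(#|$)/ { next }
                {
                    for (i = 1; i <= NF; i++)
                        if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                            c = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                            printf "%s\t%s\t%s\t%s\n", u, f, $i, c
                            next
                        }
                }' "$f"
        done
    done < "$passwd_file"
}

# Typical use, as root on the server:
#   pubkey_auth_setting /etc/ssh/sshd_config
#   list_authorized_keys /etc/passwd
```

Key comments are free text chosen by whoever generated the key, so treat them as a hint and confirm ownership before deleting a line.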