Peter Stuge wrote:
> Bob Proulx wrote:
> > When faced with a similar problem I ran an additional and separate
> > sshd and supplemented the configuration with command line arguments.
> > In this case IIRC -oPasswordAuthentication=no -Port=2222
> > -oPidFile=/var/run/sshd-noppass.pid

>
> Unfortunately the user will still be authenticated by password on
> port 22.


You missed reading (and subsequently trimmed out) the fact that there
were firewall rules involved. Just because I am a pedant here is what
I said:

> -oPidFile=/var/run/sshd-noppass.pid and installed a control script
> /etc/init.d/sshd.nopass and then adjusted firewall rules accordingly.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

:-)

I don't know for what purpose the original poster is wanting to use
specialized configuration to turn off passwords but in my case I was
able to use firewall rules to ensure that only that specially
configured port was accessed from an untrusted network. I was able to
block the normal port and therefore able to block password access. I
kept password access available from the internal private (and much
more trusted) network.

Bob
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev