gabriel rosenkoetter on Tue, 25 Sep 2001 08:30:15 +0200



Re: [PLUG] SSH question


On Mon, Sep 24, 2001 at 09:01:30PM -0400, Michael Leone wrote:
> I have 
> 
> UseLogin yes
> 
> in sshd_config. I am not asked for a login ID or password; only for my
> key passphrase.

Well. You can't mix public key/private key user authentication with
password authentication in OpenSSH then, as near as I can tell.

It used to be that you could specify a program to run as the login
program on the UseLogin sshd_config line, but OpenSSH's man page
doesn't seem to suggest that. (I was remembering back to the
ssh-1.2.26 days.)

The hooks are probably still there, though, and it couldn't be
particularly difficult to hack this in.

I think you're completely missing the point of public/private key
authentication, though. The principle is to never send
authentication tokens over the wire by typing them which, even in an
encrypted stream, is less than safe. (Note that setting
ForwardAgent--for hosts you trust!!!--is also a pretty good idea,
since this also keeps you from typing passphrases across the link.)

-- 
       ~ g r @ eclipsed.net
