7 replies to this topic

[johnnymanson]

I noticed the following line in the sshd_config file on a Ubuntu 8.10 box I was playing with.

#PasswordAuthentication yes

Is it normal for this to be commented out with the # sign?

SSH seems to be working normally, but I thought this was unusual.

[Ohm]

No idea why it's commented out, but it's on by default. Turning this off will only allow you to authenticate using some other method, like public key auth.

[johnnymanson]

Password authentication seems to work with the line commented out. I've even restarted the daemon and no change to the authentication method. I'll probably try public key in the future to see how it works. Thanks for the comment.

[mirrorshades]

sshd_config has the default options commented out, er, by default. That is to say that un-commenting them won't change the behavior of anything -- I assume they just list the more commonly-changed ones there like that to make them easier to find and tweak.

Check out the man page, it is extremely thorough (and explicitly includes all the defaults for all the options, which is nice):
http://www.manpagez..../5/sshd_config/

[Rightcoast]

Yep, as mirrorshades said, the defaults work regardless in a default install. If you are more interested in tweaking sshd_config and using key auth, you can check this out for some guidelines and things I do to further harden my install, and how to set up key pairs, automation, etc.

http://www.docdroppe...SSH_Effectively

[johnnymanson]

Thanks for the help guys.

[mirrorshades]

Always be cautious when tweaking sshd_config remotely. :)

Actually, I believe you can do a kill -HUP to restart the sshd process without terminating your existing connection... then try to connect again and if it doesn't work, then change it back!

[johnnymanson]

I haven't tried to tweak it remotely. I learned that lesson a long time ago with Terminal Server.