johnnymanson

sshd_config in Ubuntu 8.10 Question?

8 posts in this topic

I noticed the following line in the sshd_config file on a Ubuntu 8.10 box I was playing with.

#PasswordAuthentication yes

Is it normal for this to be commented out with the # sign?

SSH seems to be working normally, but I thought this was unusual.

Share this post


Link to post
Share on other sites
No idea why it's commented out, but it's on by default. Turning this off will only allow you to authenticate using some other method, like public key auth.

Share this post


Link to post
Share on other sites
Password authentication seems to work with the line commented out. I've even restarted the daemon and no change to the authentication method. I'll probably try public key in the future to see how it works. Thanks for the comment.

Share this post


Link to post
Share on other sites
sshd_config has the default options commented out, er, by default. That is to say that un-commenting them won't change the behavior of anything -- I assume they just list the more commonly-changed ones there like that to make them easier to find and tweak.

Check out the man page, it is extremely thorough (and explicitly includes all the defaults for all the options, which is nice):
[url="http://www.manpagez.com/man/5/sshd_config/"]http://www.manpagez.com/man/5/sshd_config/[/url]

Share this post


Link to post
Share on other sites
Yep, as mirrorshades said, the defaults work regardless in a default install. If you are more interested in tweaking sshd_config and using key auth, you can check this out for some guidelines and things I do to further harden my install, and how to set up key pairs, automation, etc.

[url="http://www.docdroppers.org/wiki/index.php?title=Using_SSH_Effectively"]http://www.docdroppers.org/wiki/index.php?...SSH_Effectively[/url]

Share this post


Link to post
Share on other sites
Always be cautious when tweaking sshd_config remotely. :)

Actually, I believe you can do a [b][font="Courier New"]kill -HUP[/font][/b] to restart the sshd process without terminating your existing connection... then try to connect again and if it doesn't work, then change it back!

Share this post


Link to post
Share on other sites
I haven't tried to tweak it remotely. I learned that lesson a long time ago with Terminal Server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now