Operating System - HP-UX
1834394 Members
1992 Online
110066 Solutions
New Discussion

Setup for password-less SSH sessions

 
Jerry Sommerville_2
Frequent Advisor

Setup for password-less SSH sessions

I have installed SSH on Redhat and had no problems with the default behaviour NOT asking for login/password. On RH, if a authorized key file is not present, the session is immediately closed after entering the login ID. How can I duplicate this behaviour on HP-UX. Running 11.11 and HP-UX Secure Shell A.04.30.002. I do not want SSH allowing logins if keys are not found.
10 REPLIES 10
Christian Tremblay
Trusted Contributor

Re: Setup for password-less SSH sessions

Check the global ssh daemon configuration file:/opt/ssh/etc/sshd_config and set
PasswordAuthentication=no

(The default is yes)
Jerry Sommerville_2
Frequent Advisor

Re: Setup for password-less SSH sessions

Nice try, but my config file already has PasswordAuthentication=no

I am hoping there is something else I have missed.

... Jerry
Christian Tremblay
Trusted Contributor

Re: Setup for password-less SSH sessions

Did you kill/restart the daemon after you made the change ?
Jerry Sommerville_2
Frequent Advisor

Re: Setup for password-less SSH sessions

Yes. I did a kill on the PID. Verified it had died and then issued the command /usr/sbin/sshd to restart the daemon.
Jerry Sommerville_2
Frequent Advisor

Re: Setup for password-less SSH sessions

Christian - attached is the config file from /opt/ssh/etc/sshd_config


... Jerry
Christian Tremblay
Trusted Contributor

Re: Setup for password-less SSH sessions

I don't have a machine to test on right now,
but you could try setting:

usePAM=no
Jerry Sommerville_2
Frequent Advisor

Re: Setup for password-less SSH sessions

That worked. Thanks.
Points assigned.
Christian Tremblay
Trusted Contributor

Re: Setup for password-less SSH sessions

Sorry, do not change usePAM but uncomment the "UseLogin no" line in your config file.

This should do it.But the down side to this is that a user with a key will still be able to login even if the account is disabled.
Jerry Sommerville_2
Frequent Advisor

Re: Setup for password-less SSH sessions

You had it right the first time Christian. When I change UsePAM back to yes and uncommented UseLogin=no it still prompted for a login ID and password and I was able to get in. The UsePAM=no did work however so I am going to continue testing with that option. Thanks,

... Jerry
Logu_2
Advisor

Re: Setup for password-less SSH sessions

There are actually two password authentication.

1. normal password.
2. Challenge-response via PAM and keyboard interactive.

So set both of them to "no" instead of doing a usepam=no

PasswordAuthentication yes
ChallengeResponseAuthentication yes

-logu