HPE Community
Operating System - HP-UX
1834394 Members
1992 Online
110066 Solutions
New Discussion

Setup for password-less SSH sessions

 
Jerry Sommerville_2
Frequent Advisor

‎06-02-2006 06:43 AM

‎06-02-2006 06:43 AM

Setup for password-less SSH sessions

I have installed SSH on Redhat and had no problems with the default behaviour NOT asking for login/password. On RH, if a authorized key file is not present, the session is immediately closed after entering the login ID. How can I duplicate this behaviour on HP-UX. Running 11.11 and HP-UX Secure Shell A.04.30.002. I do not want SSH allowing logins if keys are not found.
0 Kudos
Reply
10 REPLIES 10
Christian Tremblay
Trusted Contributor

‎06-02-2006 07:06 AM

‎06-02-2006 07:06 AM

Re: Setup for password-less SSH sessions

Check the global ssh daemon configuration file:/opt/ssh/etc/sshd_config and set
PasswordAuthentication=no

(The default is yes)
0 Kudos
Reply
Jerry Sommerville_2
Frequent Advisor

‎06-02-2006 07:14 AM

‎06-02-2006 07:14 AM

Re: Setup for password-less SSH sessions

Nice try, but my config file already has PasswordAuthentication=no

I am hoping there is something else I have missed.

... Jerry
0 Kudos
Reply
Christian Tremblay
Trusted Contributor

‎06-02-2006 07:39 AM

‎06-02-2006 07:39 AM

Re: Setup for password-less SSH sessions

Did you kill/restart the daemon after you made the change ?
0 Kudos
Reply
Jerry Sommerville_2
Frequent Advisor

‎06-02-2006 07:42 AM

‎06-02-2006 07:42 AM

Re: Setup for password-less SSH sessions

Yes. I did a kill on the PID. Verified it had died and then issued the command /usr/sbin/sshd to restart the daemon.
0 Kudos
Reply
Jerry Sommerville_2
Frequent Advisor

‎06-02-2006 07:45 AM

‎06-02-2006 07:45 AM

Re: Setup for password-less SSH sessions

Christian - attached is the config file from /opt/ssh/etc/sshd_config


... Jerry
0 Kudos
Reply
Christian Tremblay
Trusted Contributor

‎06-02-2006 08:00 AM

‎06-02-2006 08:00 AM

Re: Setup for password-less SSH sessions

I don't have a machine to test on right now,
but you could try setting:

usePAM=no
0 Kudos
Reply
Jerry Sommerville_2
Frequent Advisor

‎06-02-2006 08:24 AM

‎06-02-2006 08:24 AM

Re: Setup for password-less SSH sessions

That worked. Thanks.
Points assigned.
0 Kudos
Reply
Christian Tremblay
Trusted Contributor

‎06-02-2006 08:25 AM

‎06-02-2006 08:25 AM

Re: Setup for password-less SSH sessions

Sorry, do not change usePAM but uncomment the "UseLogin no" line in your config file.

This should do it.But the down side to this is that a user with a key will still be able to login even if the account is disabled.
0 Kudos
Reply
Jerry Sommerville_2
Frequent Advisor

‎06-02-2006 08:34 AM

‎06-02-2006 08:34 AM

Re: Setup for password-less SSH sessions

You had it right the first time Christian. When I change UsePAM back to yes and uncommented UseLogin=no it still prompted for a login ID and password and I was able to get in. The UsePAM=no did work however so I am going to continue testing with that option. Thanks,

... Jerry
0 Kudos
Reply
Logu_2
Advisor

‎06-02-2006 07:12 PM

‎06-02-2006 07:12 PM

Re: Setup for password-less SSH sessions

There are actually two password authentication.

1. normal password.
2. Challenge-response via PAM and keyboard interactive.

So set both of them to "no" instead of doing a usepam=no

PasswordAuthentication yes
ChallengeResponseAuthentication yes

-logu
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.