diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 1999-10-07 21:45:04 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 1999-10-07 21:45:04 +0000 |
| commit | 6e7e05417a32dd36ddfb2755a30aaef99f727d97 (patch) | |
| tree | 1627a5eea59bd10356b842f5b7ed0346717a98a4 /usr.bin/ssh/sshd_config | |
| parent | 3420dc17a77c97696c3c678a6b8725d22c9d6a73 (diff) | |
add skey to sshd:
1) pass *pw to auth_password() not user_name, do_authentication already
keeps private copy of struct passwd for current user.
2) limit authentication attemps to 5, otherwise
ssh -o 'NumberOfPasswordPrompts 100000' host
lets you enter 100000 passwds
3) make s/key a run-time option in /etc/sshd_config
4) generate fake skeys,
for s/key for nonexisting users, too
limit auth-tries for nonexisting users, too.
Note that
% ssh -l nonexisting-user -o 'NumberOfPasswordPrompts 100000' host
has NO limits in ssh-1.2.27
Diffstat (limited to 'usr.bin/ssh/sshd_config')
| -rw-r--r-- | usr.bin/ssh/sshd_config | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/usr.bin/ssh/sshd_config b/usr.bin/ssh/sshd_config index 3c5e41879fa..5f30462b301 100644 --- a/usr.bin/ssh/sshd_config +++ b/usr.bin/ssh/sshd_config @@ -29,6 +29,8 @@ RSAAuthentication yes # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes PermitEmptyPasswords no +# Uncomment to disable s/key passwords +#SkeyAuthentication no # To change Kerberos options #KerberosAuthentication no |