Hardware: Xserve G5
Software: OS X Server 10.4.2
Services: AFP/SMB file
When I ran Panther server on my Xserves, I edited the Authentication section
in the /etc/sshd_config file to...PermitRootLogin without-password... to
disallow remote root login, but grant it for public key authentication for
rsync backups. This worked, and it still allowed my admin account to
remotely login. Then came the Tiger server upgrade of my Xserves.When I
performed the same edit on the 10.4.2 server and tested it from a remote
client, I found that 'ssh email@hidden' would grant a successful
login after I entered its password. My Panther servers would give a
'Permission denied (gssapi,publickey,password,keyboard-interactive) on such
an attempt.' I then perused the sshd_config man page and found this:"If this
option is set to "without-password" password authentication is disabled for
root. Note that other authentication methods (e.g., keyboard-interactive/PAM
may still allow root to login using a password."I suspect that Tiger server
is now using a later version of OpenSSH and the previous behavior changed.
Google offered this similar debian-ssh thread:
<http://lists.debian.org/debian-ssh/2004/09/msg00008.html> with some various
suggestions. Have others run into this? Do listers have any suggestions for
Tiger sshd_config edits that would achieve the previous Panther server
behavior? TIA
Michael Alatorre (mailto:email@hidden)
EIS Liaison Analyst
Cedars-Sinai Health System (http://www.cedars-sinai.edu/)
Medical Affairs: 310.423.6237 310.423.0448 (fax)
"La verdad a medias es mentira verdadera." -- Spanish Proverb
Important Warning: This message is intended for the use of the person or
entity to which it is addressed and may contain information that is
privileged and confidential, the disclosure of which is governed by
applicable law. If the reader is not the intended recipient, or the
employee or agent responsible for delivering it to the intended recipient,
you are hereby notified that any dissemination, distribution or copying of
this information is STRICTLY PROHIBITED.
If you have received this message in error, please notify us immediately,
by calling (310) 423-6428 -- and destroy the related message. Thank You for
your cooperation.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
