Mailing Lists: Apple Mailing Lists


Re: PermitRootLogin without-password Behavior Change in Tiger?



At 11:46 AM -0800 11/8/05, Alatorre, Michael wrote:
> Hardware: Xserve G5
> Software: OS X Server 10.4.2
> Services: AFP/SMB file
>
> When I ran Panther server on my Xserves, I edited the Authentication section
> in the /etc/sshd_config file to...PermitRootLogin without-password... to
> disallow remote root login, but grant it for public key authentication for
> rsync backups. This worked, and it still allowed my admin account to
> remotely login. Then came the Tiger server upgrade of my Xserves. When I
> performed the same edit on the 10.4.2 server and tested it from a remote
> client, I found that 'ssh email@hidden' would grant a successful
> login after I entered its password. My Panther servers would give a
> 'Permission denied (gssapi,publickey,password,keyboard-interactive)' on such
> an attempt. I then perused the sshd_config man page and found this: "If this
> option is set to "without-password" password authentication is disabled for
> root. Note that other authentication methods (e.g., keyboard-interactive/PAM)
> may still allow root to login using a password." I suspect that Tiger server
> is now using a later version of OpenSSH and the previous behavior changed.

Well that is easy enough to check. `ssh -v` on Panther 10.3.9 produces:

    OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090702f

while on Tiger 10.4.2 it produces:

    OpenSSH_3.8.1p1, OpenSSL 0.9.7g 11 Apr 2005

Check each release's notes for any changes in behavior.

> Google offered this similar debian-ssh thread:
> <http://lists.debian.org/debian-ssh/2004/09/msg00008.html> with some various
> suggestions.

That would seem to explain the behavior.

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                     http://www.iwiring.net/
email@hidden                                 http://www.ustsvs.com/

pgp key fingerprint: FAC0 9434 B5A5 24A8 D0AF  12B1 7840 3BE7 3736 DE0B

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
Macos-x-server mailing list      (email@hidden)
References: 
 >PermitRootLogin without-password Behavior Change in Tiger? (From: "Alatorre, Michael" <email@hidden>)
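
The man-page note quoted in the message above, modelled as an added example that is not part of the original thread: it reads an sshd_config and lists the methods through which root could still log in with a password. The function names, the sample configs, and the defaults (assumed upstream OpenSSH defaults of that era, not Apple's shipped file) are assumptions.

```python
# Added example: models only the rule quoted from the sshd_config man page.
# DEFAULTS are assumed upstream OpenSSH defaults of that era, not Apple's file.
DEFAULTS = {
    "permitrootlogin": "yes",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
}


def parse_sshd_config(text):
    """Return effective global settings; the first occurrence of a keyword wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()
        if key == "match":  # conditional blocks are outside this sketch
            break
        if len(parts) > 1:
            cfg.setdefault(key, parts[1].strip('"').lower())
    return {**DEFAULTS, **cfg}


def root_password_paths(cfg):
    """List the auth methods through which root could still use a password."""
    mode = cfg["permitrootlogin"]
    if mode in ("no", "forced-commands-only"):
        return []
    paths = []
    # "without-password" switches off only the "password" method for root.
    if mode == "yes" and cfg["passwordauthentication"] == "yes":
        paths.append("password")
    # keyboard-interactive (e.g. backed by PAM) is governed by a separate keyword.
    if cfg["challengeresponseauthentication"] == "yes":
        paths.append("keyboard-interactive")
    return paths


# Constructed sample configs, not taken from either server in the thread.
AS_EDITED = "#PasswordAuthentication yes\nPermitRootLogin without-password\n"
HARDENED = AS_EDITED + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("as edited", AS_EDITED), ("hardened", HARDENED)):
        paths = root_password_paths(parse_sshd_config(text))
        print(name, "->", paths or "key-only")
```

Setting ChallengeResponseAuthentication to no turns keyboard-interactive off for every account, so other users' password logins then depend on PasswordAuthentication.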


