It is understandable that this is confusing, because what I am doing is the opposite of what people are instructed to do. One can even hard-code a public key into the OpenSSH source code, which I have done when configuring OpenSSH as a recovery daemon that does not read or write to the disk. To accept any random key would require a change to the source code of OpenSSH. Using -i you can pass a key file, but since I have not added any of your keys to the system, any key you specify will not match, and the client will proceed to the next authentication method you have enabled and have not explicitly disabled in the client. There is no password hash after the first colon in the shadow entry.

/etc/passwd:
serveradmin:x:22218:5000::/data/sftphome/serveradmin:/bin/false

So none is matching in the PasswordAuthentication option. In the case of passwords, none will succeed since I enabled null passwords and that account has no password set. There are methods other than keys and passwords, but I have not implemented any of them. A null password is using none, which is a reserved term and has specific implications. That is why I jokingly said you may as well shut down the daemon to save RAM. Earlier I mentioned there was the possibility to disable both of them, at which point nobody would be able to log in because only keys and passwords are used on that system. Having both set to yes means you are able to use either.