Servidor SSH continua pedindo senha [RESOLVIDO]

1. Servidor SSH continua pedindo senha [RESOLVIDO]

dzm_linux
(usa Debian)

Enviado em 26/03/2013 - 18:29h

Caros,

Configurei um servidor SSH para o uso de chaves RSA.
Os usuários que possuem chaves conseguem se logar com sucesso, e os usuários que não tem chaves não deveriam poder se logar, devido a eu ter desabilitado a autenticação por senha comum.

Para tanto, modifiquei a seguinte linha:

"PasswordAuthentication no"

e reiniciei o servidor, mas ele continua pedindo senha (para os usuários que não possuem chaves)

Segue o arquivo "/etc/ssh/sshd_config"



#	$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $



# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.



# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin



# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options change a

# default value.



#Port 22

#AddressFamily any

#ListenAddress 0.0.0.0

#ListenAddress ::



# The default requires explicit activation of protocol 1

#Protocol 2



# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

#HostKey /etc/ssh/ssh_host_ecdsa_key



# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 1024



# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

#LogLevel INFO



# Authentication:



#LoginGraceTime 2m

#PermitRootLogin yes

#StrictModes yes

#MaxAuthTries 6

#MaxSessions 10



#RSAAuthentication yes

#PubkeyAuthentication yes

#AuthorizedKeysFile	.ssh/authorized_keys



# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

#IgnoreUserKnownHosts no

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes



# To disable tunneled clear text passwords, change to no here!

#PermitEmptyPasswords no



# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes



# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no



# GSSAPI options

#GSSAPIAuthentication no

#GSSAPICleanupCredentials yes



# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication

# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included

# in this release. The use of 'gssapi' is deprecated due to the presence of

# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.

#GSSAPIEnableMITMAttack no



# Set this to 'yes' to enable PAM authentication, account processing, 

# and session processing. If this is enabled, PAM authentication will 

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication.  Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

UsePAM yes



#AllowAgentForwarding yes

#AllowTcpForwarding yes

#GatewayPorts no

X11Forwarding no

#X11DisplayOffset 10

#X11UseLocalhost yes

#PrintMotd yes

#PrintLastLog yes

#TCPKeepAlive yes

#UseLogin no

#UsePrivilegeSeparation yes

#PermitUserEnvironment no

#Compression delayed

#ClientAliveInterval 0

#ClientAliveCountMax 3

#UseDNS yes

#PidFile /var/run/sshd.pid

#MaxStartups 10

#PermitTunnel no

#ChrootDirectory none



# no default banner path

#Banner none



# override default of no subsystems

Subsystem sftp	/usr/lib/ssh/sftp-server



# This enables accepting locale enviroment variables LC_* LANG, see sshd_config(5).

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES

AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

AcceptEnv LC_IDENTIFICATION LC_ALL

AllowTcpForwarding yes

Compression yes

#MaxAuthTries 6

PermitRootLogin no

PrintMotd yes

PubkeyAuthentication yes

RSAAuthentication no

PasswordAuthentication no



# Example of overriding settings on a per-user basis

#Match User anoncvs

#	X11Forwarding no

#	AllowTcpForwarding no

#	ForceCommand cvs server