Because my DNS323 (fun_plug 0.5, firmware 1.07) connects every night to the internet to rsync backups, I want it to be as secure as possible. So I configured ssh PubkeyAuthentication, all works fine.
But now it's necessary to disable PAM authentication in
/mnt/HD_a2/ffp/etc/ssh/sshd_config: UsePAM no
but this will have no effect.
After restarting the DNS323 (*) the PAM authentication is still available.
Any hints for me?
Thank you all!
Stefan
(*) btw: "/mnt/HD_a2/ffp/start/sshd.sh restart" will not restart, just stop the ssh service, so a restart by the web interface is necessary. Strange ...
fonz wrote:
How do you know PAM is (still) available (at all)?
after disabling PAM a ssh-login by typing username and password is still possible
(after editing /mnt/HD_a2/ffp/etc/ssh/sshd_config the dns323 was restarted)
fonz wrote:
Why do you think the ssh server is not properly restarted?
after running
/mnt/HD_a2/ffp/start/sshd.sh restart
the open putty session says "Server unexpectedly closed network connection" and all new ssh connections will be refused
(after restarting the dns323 by web-interface ssh-logins are possible again)
st2xo wrote:
fonz wrote:
How do you know PAM is (still) available (at all)?
after disabling PAM a ssh-login by typing username and password is still possible
(after editing /mnt/HD_a2/ffp/etc/ssh/sshd_config the dns323 was restarted)
That doesn't mean that PAM was enabled before. Actually, openssh in ffp is compiled without PAM support.
So I'm pretty sure that PAM has never been enabled, no matter what options you have
in your sshd_config.
st2xo wrote:
fonz wrote:
Why do you think the ssh server is not properly restarted?
after running
Code:
/mnt/HD_a2/ffp/start/sshd.sh restart
the open putty session says "Server unexpectedly closed network connection" and all new ssh connections will be refused
(after restarting the dns323 by web-interface ssh-logins are possible again)
Most Linux distributions do a graceful restart of sshd. Instead of killing all ssh servers,
only the listener process is killed and restarted. This approach doesn't kill your
open sessions, and, more important, not the session you're using to restart sshd.
ffp doesn't do this graceful type of restart. And the effect you're seeing is this: /ffp/start/sshd.sh restart will kill all active ssh sessions, including the session that currently runs /ffp/start/sshd.sh. The script aborts and no new sshd is started.
Two options: a) Use telnet to restart sshd, b) use nohup to make /ffp/start/sshd.sh continue even when the session is disconnected.
fonz wrote:
Actually, openssh in ffp is compiled without PAM support.
So I'm pretty sure that PAM has never been enabled, no matter what options you have
in your sshd_config.
but how is the login by username+password to be disabled so that only a login with public-key is possible?
fonz wrote:
ffp doesn't do this graceful type of restart ... Two options: a) Use telnet to restart sshd, b) use nohup to make /ffp/start/sshd.sh continue even when the session is disconnected.
ok, guess something like that. will use telnet to restart ssh - thanks for the hint!
st2xo wrote:
but how is the login by username+password to be disabled so that only a login with public-key is possible?
man sshd_config
PasswordAuthentication
Specifies whether password authentication is allowed. The default is ``yes''.
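Added example, not part of any post in this thread and not ffp's own script: a POSIX shell check that reads an sshd_config and reports whether password login is really off, since setting UsePAM alone leaves PasswordAuthentication at its default. The function names and the two sample configurations are constructed for illustration, and the default of PubkeyAuthentication yes is assumed; on the device the argument would be /mnt/HD_a2/ffp/etc/ssh/sshd_config.

```sh
#!/bin/sh
# Added example (not from the thread). sshd uses the first value it finds for
# a keyword and keyword names are case-insensitive; only the global section
# (everything before the first "Match" line) is examined here.

# usage: sshd_effective <config-file> <keyword> <default-if-unset>
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        tolower($1) == "match" { exit }          # stop at the first Match block
        !found {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t]*=[ \t]*|[ \t]+/)   # "Key value" or "Key=value"
            if (tolower(f[1]) == key) { val = f[2]; found = 1 }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Succeeds only when password login is off and public-key login is on.
# Defaults assumed: PasswordAuthentication yes, PubkeyAuthentication yes.
key_only_login() {
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] &&
        [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed sample: the configuration described in the first post
# (UsePAM changed, PasswordAuthentication left at its default).
sample_before() {
    printf '%s\n' '# constructed sample' 'UsePAM no' \
        'PubkeyAuthentication yes' '#PasswordAuthentication yes'
}

# Constructed sample: the same file with password login switched off.
sample_after() {
    sample_before
    printf '%s\n' 'passwordauthentication no'
}

for s in sample_before sample_after; do
    f=$(mktemp) && $s > "$f"
    if key_only_login "$f"; then echo "$s: key-only login"
    else echo "$s: password login still accepted"; fi
    rm -f "$f"
done
```

Run it against the edited file before restarting sshd, so a change that does not take effect is caught while another login path (telnet, as suggested above) is still open.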