Comments (7)
Hi,
normally setting this should be enough. However to help you I'd need to see your whole sshd_config
and the output in the log, /var/log/auth.log
or /var/log/secure
depending on your operating system.
from ansible-ssh-hardening.
Hey @rndmh3ro thanks for the reply. Sorry for the delay but needed access to the machine to get the information for you
Here is the sshd_config file sshd_config
Also here's the logs from the server once sshd was restarted. var/log/messages and var/log/secure
In a desperation attempt I also tried changing this in the sshd_config file
# Authentication
# --------------
# Secure Login directives.
UseLogin yes
But even then the login was denied ( I added the /var/log/messages output for that attempt to the previous gist too)
from ansible-ssh-hardening.
Well it says failed publickey for efthruser
. Did you use the correct one? Are the permissions of /home/efthruser/.ssh
correct?
Did you try it with another user?
from ansible-ssh-hardening.
So the permissions for .ssh and the files within are correct, however I was hoping I'd be able to delete any authorized keys .... I was hoping if the user was listed it would allow them to enter a password and not require a ssh key for access.
from ansible-ssh-hardening.
The key has to be authorized, otherwise it won't work. These are two layers of security, the authorized key and the sshd_config.
Password auth is disabled in the sshd_config.
from ansible-ssh-hardening.
ahh I'm such a numpty ,
PasswordAuthentication no
is what i need to change instead of UseLogin yes
from ansible-ssh-hardening.
Glad you got it working!
from ansible-ssh-hardening.
Related Issues (20)
- Possibility to use other value than yes/no for AllowTCPforwarding HOT 1
- Simplify crypto.yml checks with blocks HOT 1
- Cannot install policycoreutils-python on Fedora 31 HOT 2
- Add RHEL 8 Support HOT 5
- HostKey comment "# Req 20" breaks key based auth
- Remove dependency on bash HOT 2
- Disable Ubuntu dynamic login MOTD HOT 3
- RHEL/CentOS 8 requires removal or editing of /etc/crypto-policies/back-ends/openssh*.config HOT 6
- New Relese? HOT 2
- Ubuntu disable dynamic MOTD failing HOT 4
- ssh_exchange_identification: read: Connection reset by peer HOT 10
- AllowTCPForwarding set to `no` although I have `ssh_allow_tcp_forwarding: yes` HOT 4
- Add support for X11 configuration HOT 1
- Idempotency when changing sshd ports HOT 9
- Task create sshd_config and set permissions fails HOT 1
- Typo in hardening.yml HOT 1
- CBC Ciphers should be disabled by default. HOT 5
- network_ipv6_enable: true not working HOT 9
- Make SSH banner path configurable HOT 3
- MOTD Enabled prints MOTD twice on Ubuntu HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-ssh-hardening.