Question --> ssh_allow_users -- Should allow specific logins ? about ansible-ssh-hardening HOT 7 CLOSED

Hi,

normally setting this should be enough. However to help you I'd need to see your whole sshd_config and the output in the log, /var/log/auth.log or /var/log/secure depending on your operating system.

from ansible-ssh-hardening.

Hey @rndmh3ro thanks for the reply. Sorry for the delay but needed access to the machine to get the information for you

Here is the sshd_config file sshd_config

Also here's the logs from the server once sshd was restarted. var/log/messages and var/log/secure

In a desperation attempt I also tried changing this in the sshd_config file

# Authentication
# --------------

# Secure Login directives.
UseLogin yes

But even then the login was denied ( I added the /var/log/messages output for that attempt to the previous gist too)

from ansible-ssh-hardening.

Well it says failed publickey for efthruser. Did you use the correct one? Are the permissions of /home/efthruser/.ssh correct?
Did you try it with another user?

from ansible-ssh-hardening.

So the permissions for .ssh and the files within are correct, however I was hoping I'd be able to delete any authorized keys .... I was hoping if the user was listed it would allow them to enter a password and not require a ssh key for access.

from ansible-ssh-hardening.

The key has to be authorized, otherwise it won't work. These are two layers of security, the authorized key and the sshd_config.
Password auth is disabled in the sshd_config.

from ansible-ssh-hardening.

ahh I'm such a numpty ,

PasswordAuthentication no is what i need to change instead of UseLogin yes

from ansible-ssh-hardening.

Glad you got it working!

from ansible-ssh-hardening.