Yea, thats what the url i sent explained howto do using putty..Its the only way i've done it, with passwordless keys in the past with Linux, Solaris, etc, as they use OpenSSH.
JFeole On Wed, Jun 25, 2014 at 2:46 PM, Tom Buskey <t...@buskey.name> wrote: > > On Wed, Jun 25, 2014 at 12:08 PM, Joshua Judson Rosen < > roz...@geekspace.com> wrote: > >> *AHA*--found the answer: >> >> http://article.gmane.org/gmane.network.openssh.general/7446 >> >> OpenSSH implements "none" auth by trying to authenticate >> with an empty password. I'm still not sure where in >> the code this is actually happening, but it does seem >> to work: if I just null-out my user's password, and then >> enable PermitEmptyPasswords in sshd_config, then I can >> use "ssh -o PreferredAuthentications=none" and it just works. >> >> Actually, I don't even have to pass "-o PreferredAuthentications=none"-- >> it looks like "none" auth is tried automatically, and it really >> all "just works" once I have a `passwordless' login allowed >> (for some somewhat surprising meaning of "just works"...). >> >> > I've created passwordless SSH keys. That turns it into having a shared > secret with is better then a blank password IMO. I think the keys would > work even if the account is locked in /etc/shadow and possibly other auth > methods. > > > > >> -- >> "'tis an ill wind that blows no minds." >> >> >> Joshua Judson Rosen <roz...@geekspace.com> writes: >> > >> > Having sshd manage auth using PKI is not what I'm looking for; >> > supposedly there is a "none" auth-type that SSH can use, >> > which means that SSH is just giving you an encrypted stream >> > and the shell running at the end of the link is responsible >> > for actually prompting for login credentials and authenticating >> > (similarly to using SSL telnet, since telnetd doesn't actually >> > manage logins, it just execs a "login" command and hooks >> > its stdio up to the socket that goes back to the client). >> > >> > Glancing at the code in OpenSSH 6.0 (client and server), it looks like >> > the OpenSSH client can be made to request "none" auth; and there are at >> > least some *vestiges* of support for "none" auth in the server-- >> > like all of the code in auth2-none.c, and this comment in auth2.c: >> > >> > /* Allow initial try of "none" auth without failure penalty */ >> > >> > (I also see that there's another `hidden auth mode' called "J-PAKE", >> > which looks interesting but is also probably not what I want). >> > >> > From what little documentation I see on sshd's >> ChallengeResponseAuthentication >> > option, it seems like that might let me do this... but only if I >> > implement the authenticating end as a PAM module rather than something >> > like a "login command"... >> > >> > Help!? >> > >> > Do I `just' need to patch sshd to actually accept "none" auth? >> _______________________________________________ >> gnhlug-discuss mailing list >> gnhlug-discuss@mail.gnhlug.org >> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ >> > >
_______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
