PermitRootLogin without-password still allows root login
When I ran Panther server on my Xserves, I edited the Authentication section in the /etc/sshd_config file to...
PermitRootLogin without-password
... to disallow remote root login, but allow it for public key authentication for rsync backups. This worked, and it still allowed other accounts to log in remotely. Then came the Tiger server upgrade of my Xserves.
When I performed the same edit and tested it, lo and behold I found that ssh root@example.com would get me a password prompt and a successful login when I entered its password. I then perused the sshd_config man page and found this:
"If this option is set to "without-password" password authentication is disabled for root. Note that other authentication methods (e.g., keyboard-interactive/PAM) may still allow root to login using a password."
I suspect that Tiger server is now using a later version of OpenSSH and the previous behavior changed. Do others have any suggestions for sshd_config edits that would achieve the previous Panther server behavior? TIA
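An added example, not part of the original post: a small checker that reads an sshd_config and lists the password-based methods still open to root, following the man page text quoted above. It assumes that `ChallengeResponseAuthentication` is the keyword governing keyboard-interactive authentication and that it, `PasswordAuthentication` and `PermitRootLogin` default to `yes` when unset; the function names and sample configurations are constructed for illustration.

```python
import re

def parse_global(text):
    """Map keyword -> value for the global section; the first occurrence wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out default
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()            # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are not modelled
        cfg.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    return cfg

def root_password_paths(text, kbd_default="yes", password_default="yes"):
    """Return the password-based methods that root can still use."""
    cfg = parse_global(text)
    root = cfg.get("permitrootlogin", "yes")   # assumed default when unset
    if root in ("no", "forced-commands-only"):
        return []
    paths = []
    # without-password only switches off the "password" method for root.
    if root != "without-password" and cfg.get("passwordauthentication", password_default) == "yes":
        paths.append("password")
    # keyboard-interactive (PAM) is governed separately, as the man page notes.
    if cfg.get("challengeresponseauthentication", kbd_default) == "yes":
        paths.append("keyboard-interactive")
    return paths

# Constructed sample configurations, not taken from a real server.
AS_POSTED = """\
PermitRootLogin without-password
#ChallengeResponseAuthentication yes
"""
KEY_ONLY_ROOT = AS_POSTED + "ChallengeResponseAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("key-only root", KEY_ONLY_ROOT)):
        print(name, "->", root_password_paths(text) or "none")
```

`ChallengeResponseAuthentication no` is a global setting, so it turns off keyboard-interactive prompts for every account; other users who log in with passwords then depend on `PasswordAuthentication yes`.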