sshd_config

Latest response

sshd_config file:

To disable tunneled clear text passwords, change to no here!

PasswordAuthentication yes

PermitEmptyPasswords no

"PasswordAuthentication yes" is the default value. we don't need add "PasswordAuthentication yes" as shown below?

To disable tunneled clear text passwords, change to no here!

PasswordAuthentication yes

PermitEmptyPasswords no

PasswordAuthentication yes (adding this line is not necessary right?)

Responses

Sorry, I don't understand your posting. What is your question or problem?

Hello, in RHEL7 , I looked in /etc/ssh/ssh_config and saw:

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

and further down this:

#   PasswordAuthentication yes

and further down this:

PubkeyAuthentication yes

So it seems "PubkeyAuthentication yes" is enabled by default.

Then I looked in manual page ssh_config and found:

PasswordAuthentication
             Specifies whether to use password authentication.  The argument to this keyword must be  'yes' or 'no'.  The  default is 'yes'.
PasswordAuthentication yes

is the default value, I think there is no need to add this without hash mark to make it active :

PasswordAuthentication yes

PasswordAuthentication yes

When something is a default value in OpenSSH (or other services, for that matter), one generally need not explicitly specify the configuration item and value for it to be active.

That said, if you need to subject your systems to compliance scanning, some scan-tools don't care about defaults and will declare a configuration-failure if the item is not explicitly set.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.