PubkeyAuthentication no

Message

1veedo · Post by **1veedo** » Thu Nov 18, 2010 7:20 pm

I'm trying to set up sshd so you have to already have the public key in order to log in, ie the server wont send it to you even if you ask. I found this setting PubkeyAuthentication but it still sends the public key even if you set it to no. How exactly do you turn that off?

Post by Hu » Fri Nov 19, 2010 3:30 am

I think you are very confused. First, why do you care if the server sends you its public key? This is the only way you can be sure you have connected to the correct sshd. Second, the setting you found controls whether clients are permitted to use public key authentication to log in. It has no effect on the pre-login handshake.

1veedo · Post by **1veedo** » Sun Nov 21, 2010 12:38 am

I guess I'll just do it by IP then... I'm pretty sure you can do it that way.

Post by Hu » Sun Nov 21, 2010 1:45 am

You can restrict logins to specific source addresses, but there is no way to prevent the sshd from sending its key to any client which connects. This behavior is a necessary part of the protocol. Disabling it would not provide any security.