Disable Username/Password Logins

Discussion in 'ISPConfig 3 Priority Support' started by OwnYourOwn, Nov 10, 2015.

  1. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Following your Key-Based SSH Logins With PuTTY step #9: Disable Username/Password Logins, I made the changes to sshd_config:
    Protocol 2
    PasswordAuthentication no
    UsePAM no
    Then tried to restart sshd and got the following error:
    Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    [....] Restarting OpenBSD Secure Shell server: sshdCould not load host key: /etc/ssh/ssh_host_ecdsa_key
    So consequently I can still SSH as root.
    I checked and ssh_host_ecdsa_keys were missing so I ran:
    ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ”password
    It created the keys but I still get the same error when restarting sshd "Could not load host key: /etc/ssh/ssh_host_ecdsa_key"

    Your help would be appreciated, Thanks.
     
  2. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Solved the problem with the keys by uninstalling SSH and reinstalling it:
    apt-get purge openssh-server
    and then
    apt-get install ssh openssh-server
    Made changes again to sshd_config - restarted sshd and still can log in as root or with keys
    Can also ftp to server using root and password
    I've doubble checked sshd_config and the changes are correct?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    To allow only key based loginsm set:

    PermitRootLogin without-password

    and restart sshd.

    I guess you mix up ftp with sftp. SFTP is ssh and not ftp and therefor part of the sshd. Root logins by ftp are not possible as pure-ftpd forbids that by default.
     
  4. OwnYourOwn

    OwnYourOwn Member HowtoForge Supporter

    Thanks That fixed it!
    Yes, I think ftp but never use it, always use sftp.
    Just finished: The Perfect Server - Debian 8 Jessie (Apache2, BIND, Dovecot, ISPConfig - without any problems!
    Thanks for all your work!
     

Share This Page