You would want PasswordAuthentication set to no, and then specify a passphrase for the ssh private key when you generate it on the client machine. I'm not sure if you can mandate that ssh client keys have passphrases - I don't know that the server has any way to know the difference. Make sure you don't accidently have other authentication modes enabled as well. You can ensure what types are available with 'ssh -v hostname'.<br>
<br><br>Hope that helps,<br>-Ian<br><br><div class="gmail_quote">On Mon, Nov 3, 2008 at 03:36, David <span dir="ltr"><<a href="mailto:davidm777@yahoo.com">davidm777@yahoo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr><td style="font-family: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; font-size: inherit; line-height: inherit; font-size-adjust: inherit; font-stretch: inherit;" valign="top">
I'd really like to use both a key-file and still require a password. The scenario is Windows laptops ssh-ing (PuTTY) into either an openSUSE 10.3 or Ubuntu 8.10 system.<br><br>I can get it so that the key-files 'work' but I can't make them required. That is, a user can log-in without having a key-file at all - so long as they user their password.<br>
<br>I've set the following 2 lines in sshd_config:<br>PasswordAuthentication yes<br>PublickeyAuthentication yes<br><br>Any ideas on what I'm misunderstanding or possibly forgetting to set?<br>David<br></td></tr></tbody></table>
<br>
<br>_______________________________________________<br>
Gslug-general mailing list<br>
<a href="mailto:Gslug-general@gslug.org">Gslug-general@gslug.org</a><br>
<a href="http://lists.gslug.org/mailman/listinfo/gslug-general" target="_blank">http://lists.gslug.org/mailman/listinfo/gslug-general</a><br></blockquote></div><br>