4

I know I'm fighting a losing battle here, but with the right bit of elbow-grease I've got my shared hosting with GoDaddy to let me SSH in via pubkey auth (added in the ~/.ssh directory and an authorized_keys file, which their support told me I wasn't able to do with the shared hosting). I'm moving off of them as soon as I'm able to, but I'll ask this anyway for the sake of any future issues where this could help me:

Is there any way to force pubkey auth, either with the user-specific config file or with something similar? I could always go the long route of putting some scripting into the .profile that logs the user off unless some environment variable is set and then set that on a per-key basis with the authorized_keys file, but it seems like there should be an easier way than that. (Other than trying to forcibly gain access to their sshd_config file)

Amazingant
  • 175
  • 5

1 Answers1

5

The file ~/.ssh/config is for SSH client configuration. You cannot disable the SSH daemon from accepting password logins from this file. Off hand, I cannot think of any way to do it in a shared environment where you do not have access to the daemon configuration.

Since you are now using key-based authentication, why not set the password to something reasonably impossible to be brute force cracked?

Aaron Copley
  • 12,345
  • 5
  • 46
  • 67
  • Your best option is to get a Virtual Private Server (VPS)... or your own physical box. If you're that up on security items you're probably better off with your own environment. – voretaq7 Sep 27 '12 at 16:31
  • @Aaron They have limits on what I can set the password to, which I'm sure they think is helpful to me. – Amazingant Sep 27 '12 at 16:41
  • @voretaq7 As I mentioned in the question, I'm moving off of them as soon as I can, but figured if there was a way to make it work, it would at least be good to know for posterity's sake. I do plan on building a small linux box for it, and completely agree with you on that front. – Amazingant Sep 27 '12 at 16:43
  • 1
    @Amazingant [Correct horse battery staple](http://xkcd.com/936/) the infidels! – voretaq7 Sep 27 '12 at 16:44
  • @voretaq7 I wish. :P Their password requirements starts with "Must be 8-14 characters long." Seriously? – Amazingant Sep 27 '12 at 17:09