Bug 469207

Summary: YaST sshd module forgets to enable ssh port in the firewall
Product: [openSUSE] openSUSE 11.1 Reporter: Carlos Robinson <carlos.e.r>
Component: YaST2Assignee: Lukas Ocilka <locilka>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P3 - Medium CC: mattm3a
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 11.1   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Carlos Robinson 2009-01-24 23:10:04 UTC 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-0.1 Firefox/3.0.5

System is 11.1 running as guest in vmware.

I tried the YaST sshd config module, and this did not enable the port in the SuSEfirewall, nor did it remind the admin to do it manually.


Also, with the tick box for "password enabled" not ticked I was able to connect using password. I assume that it should configure sshd to force key entry, generate the keys, and inform the user of which file should be placed on the client side and where.

Reproducible: Always
Comment 1 Lukas Ocilka 2009-01-26 11:28:33 UTC 
The first "issue" is a feature request. YaST SSHD Configuration never did that see also bug #396375

The second one seems to be a bit tricky and the documentation lacks useful comments, see also:
http://lists.debian.org/debian-isp/2005/11/msg00014.html

Anyway, it seems I do not understand the options enough.

`man sshd_config` says this:

PasswordAuthentication
  Specifies whether password authentication is allowed. The default is “yes”.

According to the same man page, other options have to be changed depending
on the other system settings: KerberosAuthentication, UsePAM, 
ChallengeResponseAuthentication.

Is there any simple explanation of that option or should I rather drop it?
Anyway, by default in SUSE, it's "PasswordAuthentication no".
Comment 2 Lukas Ocilka 2009-01-29 09:41:02 UTC 
*** Bug 470350 has been marked as a duplicate of this bug. ***
Comment 3 Lukas Ocilka 2009-01-29 09:52:57 UTC 
- Dropping possibility to adjust PasswordAuthentication option
  as it has no or rather misleading effect (bnc #469207).
- yast2-sshd-2.17.2 (resp. 2.18.0)