i finally got my key-pair system working... sort of a makeshift eToken
system. however, i only want to allow this sytem for system access. i
don't want to allow for the standard user/pass authentication system.
right now i changed the following:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
(i removed the comment and changed it to no).
however, i can still login with my user/pass.
any idea how i can prevent this?
what you can do is strip out all valid logins from the /etc/passwd file on the target system so the only login names left are that of ftp, and things like that
okay, i'm confused. how exactly is this going to help me do what i want to do?
won't this prevent any normal login from happening?
i simply want to kill the user/pass system and enforce keys. i have my private key on my usb-flash device. and i only want to allow access to my network if the private key off the USB device is used... and no other way.
it's a really ugly way of using eTokens but if it works... i can wow some clients... 
one though occured to me... but i really don't want to do it this way.
i could make the userpass word a long string of garbage... but... no... this is still allowing for a user/pass method.