Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

To: debian-user@lists.debian.org
Subject: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
From: Dominique Dumont <dod@debian.org>
Date: Sun, 21 Feb 2016 20:07:10 +0100
Message-id: <[🔎] 3538902.mYR82t241E@ylum>
Reply-to: dod@debian.org
In-reply-to: <[🔎] 20160217142402.GA19352@darac.org.uk>
References: <[🔎] CAFMGiz9e10ugawRLti+SGjfZu4XHHXZKkG=n0mcR6XniPRvp5Q@mail.gmail.com> <[🔎] 20160217142402.GA19352@darac.org.uk>

On Wednesday 17 February 2016 14:24:02 Darac Marjal wrote:
> >2. after initial setup, no ssh access will be allowed via a password
> 
> $ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config

That's a bad idea: You may end up with 2 PasswordAuthentication entries in 
sshd_config. That's very confusing for the sys admin (been there, done that).

A safer command is :

$ sudo cme modify sshd 'PasswordAuthentication=no'

(requires cme and libconfig-model-openssh-perl packages)

HTH
-- 
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org

Reply to:

References:
- Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Tom Browder <tom.browder@gmail.com>
- Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
  - From: Darac Marjal <mailinglist@darac.org.uk>

Prev by Date: Re: rotating screen in debian tablet
Next by Date: Re: Setting up HDRI in ImageMagick
Previous by thread: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Next by thread: Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
Index(es):
- Date
- Thread