Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
On Wednesday 17 February 2016 14:24:02 Darac Marjal wrote:
> >2. after initial setup, no ssh access will be allowed via a password
>
> $ echo "PasswordAuthentication No" | sudo tee -a /etc/ssh/sshd_config
That's a bad idea: You may end up with 2 PasswordAuthentication entries in
sshd_config. That's very confusing for the sys admin (been there, done that).
A safer command is :
$ sudo cme modify sshd 'PasswordAuthentication=no'
(requires cme and libconfig-model-openssh-perl packages)
HTH
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
Reply to: