Ridding myself of root passwords?

Michael Torrie torriem at gmail.com
Mon Feb 3 12:08:38 MST 2014


On 02/03/2014 11:52 AM, S. Dale Morrey wrote:
> I misunderstood the without-password to mean they can login without a
> password.
> Guess that makes more sense.  I can't imagine a situation except for
> possibly embedded and not connected to the internet that you would want
> root to login without a password.

I configured my VPS to disallow ssh password logins for _all_ users,
including root, except from specific IP addresses.  Combine that with a
fail2ban script, and I don't have any problems with brute-force ssh
attacks anymore.  I don't bother with moving my sshd to a different
port, or port-knocking.

Also I have started putting passwords on all my important ssh keys
(encrypts the keys), just for added safety in case a key file gets
lifted off my computer somehow.  ssh-agent and the agents built into
most modern desktop environments can cache the keys and it makes it
fairly painless to use.


More information about the PLUG mailing list