Ridding myself of root passwords?

Michael Torrie torriem at gmail.com
Thu Feb 6 09:23:17 MST 2014


On 02/06/2014 04:02 AM, Dan Egli wrote:
> Interesting, and I could certainly see that in a /root/.sshd/config file,
> but in the master file? That indicates that unless you have the
> certificate, NO ONE can login via SSH. That seems overkill to me. 

Well, if you're a site like github, hosting git repos over ssh, it's
probably a very wise prudent thing to do.  Requiring all your users to
access via key is the only safe thing to do, really.  Of course in my
situation, and github's, there is a method for securely installing keys.
 In my case I can get in via a secure web-based terminal that Linode
provides and add my key. In github's case you use their web interface to
load the key.

> Perhaps
> that works good in your situation, but I certainly can't see a situation
> where I'd want to do that. In root's config, sure. That makes a LOT of
> sense. But not for every user on the system. I suppose you could override
> the global behavior by an individual user's .sshd/config file, but that
> still seems like overkill to me. 

You can easily do what you say with the global file. That's what the
"PermitRootLogin without-password" option is for.

> Perhaps you can explain why you block
> logins except via ssh key or certificate to all users? I'd be curious to
> understand the reasoning behind this approach.

Frankly it's the only way to secure an ssh server from brute-force
attacks.  Actually it stops brute force attacks at the door, since the
don't offer any keys upon connecting, so they get disconnected before
they can even offer a password to try.

Plus ssh keys are just way more secure than passwords, that we all know
are not well-chosen by end users.  And they aren't that hard to use.


More information about the PLUG mailing list