[LEDE-DEV] [PATCH v1 1/1] openssh: disable passwords for openssh server
Stijn Tintel
stijn at linux-ipv6.be
Sat Feb 17 13:54:45 PST 2018
On 09-02-18 01:28, Philip Prindeville wrote:
> From: Philip Prindeville <philipp at redfish-solutions.com>
>
> Allowing password logins leaves you vulnerable to dictionary
> attacks. We disable password-based authentication, limiting
> authentication to keys only, which are more secure.
>
> Note: You'll need to pre-populate your image with some initial
> keys. To do this:
>
> 1. Create the appropriate directory as "mkdir -p files/root/.ssh"
> from your top-level directory;
> 2. Copy your "~/.ssh/id_rsa.pub" (or as appropriate) into
> "files/root/.ssh/authorized_keys" and indeed, you can collect
> keys from several sources this way by concatenating them;
> 3. Set the permissions on "authorized_keys" to 644 or 640.
>
>
NAK. This is going to bite people. It takes much more time and effort to
recover from a device you can no longer access due to this change, than
to manually disable password authentication in OpenSSH.
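
A pre-build check for the lockout risk discussed in this thread, added here as an example (it is not part of the patch or of either message). It assumes the `files/root/.ssh/authorized_keys` overlay path from the commit message; the function name and return codes are hypothetical, and the key test is a shape check only, not cryptographic validation.

```shell
#!/bin/sh
# Added example: pre-build shape check for the image overlay key file.
# Assumption: run from the build tree's top-level directory.

# check_authorized_keys FILE
# Prints a reason and returns non-zero if FILE would leave root without
# a usable key once password authentication is disabled.
check_authorized_keys() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # sshd's StrictModes refuses a key file that group or others can
    # write; the commit message asks for mode 644 or 640.
    if find "$f" -prune \( -perm -020 -o -perm -002 \) | grep -q .; then
        echo "group/world-writable: $f"; return 2
    fi

    keys=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;          # blank lines and comments
            *'PRIVATE KEY'*)              # private key pasted by mistake
                echo "private key material in $f"; return 3 ;;
        esac
        # Optional options field, a known key type, then a base64 blob.
        if printf '%s\n' "$line" | grep -Eq \
'(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|$)'
        then
            keys=$((keys + 1))
        else
            echo "unrecognised line in $f: $line"; return 4
        fi
    done < "$f"

    [ "$keys" -gt 0 ] || { echo "no keys in $f"; return 5; }
    echo "ok: $keys key(s) in $f"
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_authorized_keys "$1"
fi
```

Calling it with `files/root/.ssh/authorized_keys` before building gives a non-zero exit when the image would ship without a recognisable key.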