[LEDE-DEV] [PATCH v1 1/1] openssh: disable passwords for openssh server

Rosen Penev rosenp at gmail.com
Sat Feb 17 17:49:35 PST 2018


On Sat, Feb 17, 2018 at 1:54 PM, Stijn Tintel <stijn at linux-ipv6.be> wrote:
> On 09-02-18 01:28, Philip Prindeville wrote:
>> From: Philip Prindeville <philipp at redfish-solutions.com>
>>
>> Allowing password logins leaves you vulnerable to dictionary
>> attacks.  We disable password-based authentication, limiting
>> authentication to keys only, which are more secure.
>>
>> Note: You'll need to pre-populate your image with some initial
>> keys. To do this:
>>
>> 1. Create the appropriate directory as "mkdir -p files/root/.ssh"
>>    from your top-level directory;
>> 2. Copy your "~/.ssh/id_rsa.pub" (or as appropriate) into
>>    "files/root/.ssh/authorized_keys" and indeed, you can collect
>>    keys from several sources this way by concatenating them;
>> 3. Set the permissions on "authorized_keys" to 644 or 640.
>>
>>
> NAK. This is going to bite people. It takes much more time and effort to
> recover from a device you can no longer access due to this change, than
> to manually disable password authentication in OpenSSH.
On that note, how do you recover with OpenSSH? Currently, root
password access is disabled. My method is to install dropbear and use
that temporarily while I enable root password access.
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
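
The three pre-population steps from the quoted commit message, as an added shell example (not part of the patch or of any message in this thread). It collects keys into files/root/.ssh/authorized_keys and refuses to stage the file when no input line looks like a public key, which is the lockout case raised in the NAK. The function names and the plain ".pub" input format are assumptions.

```shell
#!/bin/sh
# Added example: stage root's authorized_keys in an image overlay and refuse
# to continue when no usable key was collected.

# Print only lines shaped like OpenSSH public keys: "<type> <base64> [comment]".
# Assumption: inputs are plain .pub files without authorized_keys options.
# Every OpenSSH key blob starts with a 4-byte length, so its base64 starts "AAAA".
filter_pubkeys() {
    awk '$1 ~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
         $2 ~ "^AAAA[A-Za-z0-9+/]+=*$"' "$@"
}

# stage_keys TOPDIR PUBKEY_FILE...
# Prints the number of distinct keys staged; returns non-zero if none.
stage_keys() {
    top=$1; shift
    [ $# -ge 1 ] || { echo "usage: stage_keys TOPDIR PUBKEY..." >&2; return 2; }
    dir="$top/files/root/.ssh"
    tmp=$(mktemp) || return 1

    # Step 2: concatenate keys from several sources, dropping exact duplicates.
    filter_pubkeys "$@" | sort -u > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')

    # Guard: an image with password logins disabled and no key is unreachable.
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        echo "no valid public keys found; not staging authorized_keys" >&2
        return 1
    fi

    # Step 1 (directory) and step 3 (mode 644 on authorized_keys).
    mkdir -p "$dir" && mv "$tmp" "$dir/authorized_keys" &&
        chmod 644 "$dir/authorized_keys" || return 1
    echo "$count"
}

# Usage, from the top-level build directory:
#   stage_keys . ~/.ssh/id_rsa.pub other_admin.pub
```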


