passwordless ssh from laptop
Karl Auer
kauer at biplane.com.au
Mon Dec 26 06:26:34 UTC 2016
On Mon, 2016-12-26 at 05:46 +0000, thufir wrote:
> To disable password authentication, look for the following line in
> your sshd_config file:
>
> #PasswordAuthentication yes
If you want passwords to be DISABLED you need the following line in
/etc/ssh/sshd_config on the TARGET system (the system you will be
logging into):
PasswordAuthentication no
Having the line you suggest means you are depending on the default
setting (which is "no"), but it is better idea to make it explicit, and
delete the "yes" line. That way, you are very unlikely to accidentally
turn it back on. You are also protected if the developers release a
later version with that setting on a different default! And finally,
the config file is telling you clearly what your settings are.
DISABLED means that you will NOT be able to use your password to log
in. Instead, you will need to add your public key to the end of
~/.ssh/authorized_keys.
This is considerably more secure than allowing passwords.
You can allow BOTH; if you add your public key to the end of
~/.ssh/authorized_keys, you will be able to log in without a password,
but other people will still be able to login if they know the password.
This is not as secure as disabling password authentication.
However, if you do not protect your keys with a strong passphrase, then
anyone who obtains your private key (e.g., by having access to your
laptop for five minutes) can log in anywhere you use that key.
ssh logins without passwords should be used only for strictly limited
purposes, such as backups. Always use extra security, such as IP
address restrictions or command restrictions. Ideally, don't use
passwordless logins at all.
Also, read this: http://biplane.com.au/blog/?p=426
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
More information about the ubuntu-users
mailing list