[Discuss] ssh keys question
Matthew Gillen
me at mattgillen.net
Thu Jun 16 22:42:38 EDT 2016
On 6/16/2016 8:21 PM, Kent Borg wrote:
> On 06/16/2016 06:37 PM, Dan Ritter wrote:
>> 1. You can assign passwords, but tell sshd to only allow access via
>> keys. This is a Good Idea.
>
> So for you--someone running your own machine--you use keys to login but
> still use a password on sudo? (This is common? Seems part of going to
> keys is to get rid of passwords.)

Depends what you're going for. If you're opening up a port to the world
to brute force, it's generally smart to not allow password logins via
ssh. So the key-only auth is stronger for the bigger attack surface.
Requiring a password for sudo then isn't contradictory, it's a different
threat model. Passwords are for people already logged into the system,
or people who have physical access to the machine and can log in to the
console (which is a much smaller attack surface).
Matt
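
The split described in this thread (keys only over ssh, password still required for sudo) can be checked on a host with the following added example, which is not part of the original message. It assumes the effective server configuration is obtained with `sshd -T`; the function names and all sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample input below is constructed.

# Reads `sshd -T` style output ("keyword value", lowercase) on stdin.
# Returns 0 only when key login is on and every password path is off.
check_sshd_key_only() {
    awk '
        { v[$1] = $2 }
        END {
            bad = 0
            if (v["pubkeyauthentication"] != "yes") {
                print "FAIL: pubkeyauthentication is not yes"; bad = 1 }
            if (v["passwordauthentication"] != "no") {
                print "FAIL: passwordauthentication is not no"; bad = 1 }
            # Keyboard-interactive (usually PAM) can still ask for a password.
            # Older OpenSSH prints it as challengeresponseauthentication.
            kbd = "unset"
            if ("kbdinteractiveauthentication" in v) kbd = v["kbdinteractiveauthentication"]
            else if ("challengeresponseauthentication" in v) kbd = v["challengeresponseauthentication"]
            if (kbd != "no") {
                print "FAIL: keyboard-interactive is " kbd; bad = 1 }
            if (!bad) print "OK: ssh accepts keys only"
            exit bad
        }'
}

# Reads sudoers text on stdin; returns 1 if any rule skips the password.
check_sudo_requires_password() {
    if grep -v '^[[:space:]]*#' | grep -q 'NOPASSWD'; then
        echo "FAIL: a sudoers rule uses NOPASSWD"
        return 1
    fi
    echo "OK: sudo still asks for a password"
}

sample_weak_sshd() {      # constructed: password login still reachable via PAM
    printf '%s\n' 'pubkeyauthentication yes' 'passwordauthentication no' \
                  'kbdinteractiveauthentication yes'
}
sample_hardened_sshd() {  # constructed: keys are the only way in
    printf '%s\n' 'pubkeyauthentication yes' 'passwordauthentication no' \
                  'kbdinteractiveauthentication no'
}

sample_weak_sshd | check_sshd_key_only || echo "-> password prompt still reachable"
sample_hardened_sshd | check_sshd_key_only
printf '%s\n' '# constructed rule' 'alice ALL=(ALL:ALL) ALL' | check_sudo_requires_password
```

On a real host the input would come from `sudo sshd -T` and from the sudoers files rather than the constructed samples.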