Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] ssh keys question



On 6/16/2016 8:21 PM, Kent Borg wrote:
> On 06/16/2016 06:37 PM, Dan Ritter wrote:
>> 1. You can assign passwords, but tell sshd to only allow access via
>> keys. This is a Good Idea. 
> 
> So for you--someone running your own machine--you use keys to log in but
> still use a password on sudo? (This is common? Seems part of going to
> keys is to get rid of passwords.)

Depends what you're going for.  If you're opening up a port to the world
to brute force, it's generally smart to not allow password logins via
ssh.  So the key-only auth is stronger for the bigger attack surface.

Requiring a password for sudo then isn't contradictory, it's a different
threat model.  Passwords are for people already logged into the system,
or people who have physical access to the machine and can log in to the
console (which is a much smaller attack surface).

Matt
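
The key-only setup discussed in this thread depends on sshd really refusing password logins. The following check is an added example, not part of the original messages: it reads sshd_config text and reports settings that still permit password-style authentication. The sample configs and the `audit` helper are constructed for illustration, and it assumes upstream OpenSSH defaults.

```python
# Added example (not from the thread): audit sshd_config text for password logins.
# Upstream OpenSSH defaults for the keywords checked here.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: line 2 is ignored (first value wins); Match re-enables passwords.
WEAK = """
PasswordAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
# Constructed sample: key-only logins.
HARDENED = """
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

def audit(config_text):
    """Return (effective global settings, findings) for sshd_config text."""
    effective, findings, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # later lines apply only to this Match block
            match = " ".join(parts[1:])
        elif key in DEFAULTS and len(parts) > 1:
            value = parts[1].lower()
            if match is None:
                effective.setdefault(key, value)  # sshd keeps the first value
            elif value == "yes" and key != "pubkeyauthentication":
                findings.append(f"Match {match}: {key} yes")
    for key, default in DEFAULTS.items():
        effective.setdefault(key, default)
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if effective[key] == "yes":
            findings.append(f"global: {key} yes")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is not yes")
    return effective, findings

if __name__ == "__main__":
    print(audit(WEAK)[1], audit(HARDENED)[1])
```

This sketch does not follow `Include` files; on a live host, `sshd -T` prints the effective configuration.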






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org