Thread: Problems using public key authentication in N900.
View Single Post
strank is offline strank
2009-12-13 , 10:22
Posts: 23 | Thanked: 23 times | Joined on Sep 2009 @ Vienna
#21
Originally Posted by cowb0y View Post
I'm not sure of any reason to not give the user account a password (on this platform). ... I also recommend assigning a strong root password, to help insulate against generic userland exploits.

If the passwordless method described is chosen, the user MUST disable password authentication in /etc/ssh/sshd_config (or anyone connecting will be granted shell access (and presumably, soon thereafter, root)).
Amen to the strong root password! However, the method described does not allow passwordless logins, on the contrary, since "NP" is not the hash of any password, login with password is now impossible both locally (as before) and via ssh. (I just verified that by changing my sshd_config and trying.)

My reasoning for not assigning 'user' a password is to avoid any conflicts with other changes during system updates. (Extra file instead of changed file, I still have a root password hash in /etc/passwd though...)
It does not really make a big difference probably, it is, however, actually more secure than assigning a password!

Nevertheless...

Originally Posted by cowb0y View Post
I recommend the following settings, regardless:

PermitRootLogin no
PasswordAuthentication no
... what cowb0y said.
 

The Following 2 Users Say Thank You to strank For This Useful Post: