Posts: 23 | Thanked: 23 times | Joined on Sep 2009 @ Vienna
#21
Originally Posted by cowb0y View Post
I'm not sure of any reason to not give the user account a password (on this platform). ... I also recommend assigning a strong root password, to help insulate against generic userland exploits.

If the passwordless method described is chosen, the user MUST disable password authentication in /etc/ssh/sshd_config (or anyone connecting will be granted shell access (and presumably, soon thereafter, root)).
Amen to the strong root password! However, the method described does not allow passwordless logins; on the contrary, since "NP" is not the hash of any password, login with password is now impossible both locally (as before) and via ssh. (I just verified that by changing my sshd_config and trying.)

My reasoning for not assigning 'user' a password is to avoid any conflicts with other changes during system updates. (Extra file instead of changed file, I still have a root password hash in /etc/passwd though...)
It does not really make a big difference probably; it is, however, actually more secure than assigning a password!

Nevertheless...

Originally Posted by cowb0y View Post
I recommend the following settings, regardless:

PermitRootLogin no
PasswordAuthentication no
... what cowb0y said.
 

The Following 2 Users Say Thank You to strank For This Useful Post:
Posts: 17 | Thanked: 10 times | Joined on Dec 2009 @ New York, NY, USA
#22
Thanks for the clarification.
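
Added example, not part of any post in this thread: a Python sketch of the distinction made in post #21, telling an empty password field (passwordless login) apart from a non-hash placeholder such as "NP" (no password can match), and reporting whether the two quoted sshd_config settings are explicitly set to no. The function names are hypothetical and the sample passwd and sshd_config contents are constructed.

```python
import re

# crypt(3) output is either "$id$salt$hash" or a 13-character DES string.
_DES = re.compile(r"[./0-9A-Za-z]{13}")

def classify_pw_field(field):
    """Classify the password field (2nd column) of a passwd/shadow entry."""
    if field == "":
        return "empty"      # no password required at all
    if field == "x":
        return "shadowed"   # real value is in /etc/shadow
    if field.startswith("$") or _DES.fullmatch(field):
        return "hash"       # some password can match
    return "locked"         # "NP", "*", "!...": no password can match

def sshd_settings(text):
    """Explicit global values; sshd keeps the first occurrence of a keyword."""
    found = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break           # conditional blocks are not evaluated here
        if len(parts) > 1:
            found.setdefault(parts[0].lower(), parts[1].lower())
    return found

def audit(passwd_text, sshd_text):
    """Return findings for the settings discussed in this thread."""
    findings = []
    cfg = sshd_settings(sshd_text)
    for key in ("permitrootlogin", "passwordauthentication"):
        if cfg.get(key) != "no":
            findings.append(f"sshd_config: {key} = {cfg.get(key, 'unset')}")
    for entry in passwd_text.splitlines():
        cols = entry.split(":")
        if len(cols) > 1 and classify_pw_field(cols[1]) == "empty":
            findings.append(f"{cols[0]}: empty password field")
    return findings

# Constructed sample data (not from a real device; the hash is a placeholder).
SAMPLE_PASSWD = """root:$1$placeholder$notarealhash:0:0:root:/root:/bin/sh
user:NP:1000:1000::/home/user:/bin/sh
guest::1001:1001::/home/guest:/bin/sh"""
SAMPLE_SSHD = """# constructed sshd_config
PermitRootLogin no
PasswordAuthentication yes"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PASSWD, SAMPLE_SSHD)))
```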
 