On Sat, Feb 17, 2018 at 1:54 PM, Stijn Tintel <st...@linux-ipv6.be> wrote:
> On 09-02-18 01:28, Philip Prindeville wrote:
>> From: Philip Prindeville <phil...@redfish-solutions.com>
>>
>> Allowing password logins leaves you vulnerable to dictionary
>> attacks.  We disable password-based authentication, limiting
>> authentication to keys only which are more secure.
>>
>> Note: You'll need to pre-populate your image with some initial
>> keys. To do this:
>>
>> 1. Create the appropriate directory as "mkdir -p files/root/.ssh"
>>    from your top-level directory;
>> 2. Copy your "~/.ssh/id_rsa.pub" (or as appropriate) into
>>    "files/root/.ssh/authorized_keys" and indeed, you can collect
>>    keys from several sources this way by concatenating them;
>> 3. Set the permissions on "authorized_keys" to 644 or 640.
>>
>>
> NAK. This is going to bite people. It takes much more time and effort to
> recover from a device you can no longer access due to this change, than
> to manually disable password authentication in OpenSSH.
On that note, how do you recover with OpenSSH? Currently, root
password access is disabled. My method is to install dropbear and use
that temporarily while I enable root password access.
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
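
The three pre-population steps from the quoted commit message, as an added shell example (not part of the patch or of either poster's message). It goes beyond the steps by rejecting private keys and malformed lines, skipping duplicates, and refusing to write an empty file, since an image with password logins disabled and no usable key cannot be reached over SSH. The function name `build_authorized_keys`, the accepted key-type list and the 700 mode on `.ssh` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the patch under discussion.
# Usage: build_authorized_keys FILES_DIR PUBKEY_FILE...   (FILES_DIR is e.g. "files")
build_authorized_keys() {
    dir="$1/root/.ssh"; shift
    out="$dir/authorized_keys"; tmp="$out.tmp.$$"
    mkdir -p "$dir" && : > "$tmp" || return 1
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; rm -f "$tmp"; return 1; }
        # A private key must never be baked into a firmware image.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "refusing private key file: $f" >&2; rm -f "$tmp"; return 1
        fi
        while read -r type blob comment || [ -n "$type" ]; do
            case $type in ''|'#'*) continue ;; esac
            case $type in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
                *) echo "$f: unsupported key type '$type'" >&2; rm -f "$tmp"; return 1 ;;
            esac
            case $blob in
                ''|*[!A-Za-z0-9+/=]*) echo "$f: malformed key data" >&2; rm -f "$tmp"; return 1 ;;
            esac
            # Skip a key that was already collected from another source.
            awk -v t="$type" -v b="$blob" '$1==t && $2==b {hit=1} END {exit !hit}' "$tmp" && continue
            printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" >> "$tmp"
        done < "$f"
    done
    # Refuse to produce an empty file: with password logins off, that image locks you out.
    [ -s "$tmp" ] || { echo "no valid public keys collected" >&2; rm -f "$tmp"; return 1; }
    # File mode 644 as in step 3; 700 on the directory is this example's assumption.
    mv "$tmp" "$out" && chmod 700 "$dir" && chmod 644 "$out"
}
```

Run it from the top-level build directory, for example `build_authorized_keys files ~/.ssh/id_ed25519.pub`, before building the image.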
