On 02/03/2014 11:52 AM, S. Dale Morrey wrote:
> I misunderstood the without-password to mean they can login without a
> password.
> Guess that makes more sense. I can't imagine a situation except for
> possibly embedded and not connected to the internet that you would want
> root to login without a password.

I configured my VPS to disallow ssh password logins for _all_ users, including root, except from specific IP addresses. Combine that with a fail2ban script, and I don't have any problems with brute-force ssh attacks anymore. I don't bother with moving my sshd to a different port, or port-knocking.

Also I have started putting passwords on all my important ssh keys (encrypts the keys), just for added safety in case a key file gets lifted off my computer somehow. ssh-agent and the agents built into most modern desktop environments can cache the keys and it makes it fairly painless to use.
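
An sshd_config fragment matching the setup described in the message above, as an added example that is not part of the original post or the poster's actual configuration. The addresses are constructed placeholders from the RFC 5737 documentation ranges, and keeping root key-only even from the trusted addresses is an assumption.

```sshd_config
# /etc/ssh/sshd_config (fragment; addresses below are placeholders)

# Global defaults: key-based authentication only, for every user.
PubkeyAuthentication yes
PasswordAuthentication no
# Keyboard-interactive can still prompt for a password through PAM,
# so it is switched off alongside PasswordAuthentication.
KbdInteractiveAuthentication no

# "without-password" means root may log in, but never with a password
# (newer OpenSSH releases spell this "prohibit-password").
PermitRootLogin without-password

# Exception: password logins are accepted only from these sources.
# Match blocks must come after the global settings; a Match block
# runs until the next Match line or the end of the file.
Match Address 203.0.113.10,198.51.100.0/24
    PasswordAuthentication yes
    # Assumption: root stays key-only even from trusted addresses,
    # because PermitRootLogin is not overridden in this block.

# Check syntax before reloading, then confirm the effective settings
# for a given client address:
#   sshd -t
#   sshd -T -C user=root,host=client.example,addr=203.0.113.10 | grep -i passwordauthentication
#   sshd -T -C user=root,host=client.example,addr=192.0.2.50   | grep -i passwordauthentication
# The first query should report "yes", the second "no".
```

Keep an existing session open while reloading sshd, so a mistake in the file does not lock you out.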
