Not sure I understand the complete question. We do person by person as in loading up authorized_keys with the personal rsa.pub key such as:

    cat .ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'

Will ask you for password to complete the task. Once done, should not ask for password until key changes.

The .ssh lives in the home folder of each user so that each user has a unique key loaded into their remote home folder. This gives us passwordless ssh as well as positive identity of each individual to load them into the proper account. Same goes for root so that root will ssh into root.

Recompiling, must not. Positive ID, must have. Am I way off base?

-----Original Message-----
From: Shawn Wells [mailto:[email protected]]
Sent: Thursday, June 08, 2017 10:28 PM
To: [email protected]
Subject: [Non-DoD Source] Re: Disabling passwords in the cloud

On 6/8/17 9:38 AM, Brent Kimberley wrote:
> Does sshd need to be recompiled - in order to completely disable password authentication?
>
> I would like to reduce the number of false positives in /var/log/secure
> ^.*sshd.*: Invalid user .* from .*$
> ^.*sshd.*: reverse mapping checking getaddrinfo for .* failed - POSSIBLE BREAK-IN ATTEMPT!$
> ^.* sshd.*: input_userauth_request: invalid user .*$

In theory, should be able to disable ChallengeResponseAuthentication and PasswordAuthentication, then call it a day. Never actually tried, though.
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
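A way to check the two settings named in the quoted reply, as an added example that is not part of the original thread. The function name, the sample file and its contents are constructed; it assumes upstream OpenSSH behaviour (the first value read for a keyword wins, both options default to "yes", and ChallengeResponseAuthentication is the older name for KbdInteractiveAuthentication).

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for password-based logins.
# Assumptions: upstream OpenSSH defaults ("yes" when a keyword is absent);
# only the global section is read, so Include files are not followed and
# scanning stops at the first Match block, which is flagged for review.
check_sshd_password_auth() {
    awk '
    BEGIN { pw = "yes"; kbd = "yes" }          # defaults when keyword absent
    NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
    {
        key = tolower($1); val = tolower($2)   # keywords are case-insensitive
        gsub(/"/, "", val)
        if (key == "match") { conditional = 1; exit }   # global section ends
        # sshd keeps the FIRST value it reads for a keyword; later ones are ignored
        if (key == "passwordauthentication" && !pw_set) { pw = val; pw_set = 1 }
        if ((key == "challengeresponseauthentication" ||
             key == "kbdinteractiveauthentication") && !kbd_set) {
            kbd = val; kbd_set = 1
        }
    }
    END {
        printf "PasswordAuthentication=%s ChallengeResponse/KbdInteractive=%s", pw, kbd
        if (conditional) printf " (Match block present, review separately)"
        printf "\n"
        rc = (pw == "no" && kbd == "no") ? 0 : 1
        exit rc
    }' "$1"
}

# Constructed sample input: the trailing "yes" is ignored (first value wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example, not from the thread
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
EOF
check_sshd_password_auth "$sample" && echo "password-based logins disabled"
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the effective configuration, including distribution-specific defaults and Include files that this file-level check does not see.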
