password-less console-only access and ssh remote access?

My ideal setup would be: 1) no passwords ("*" in /etc/passwd or via vipw) 2) only ssh for remote access i.e. no password-based security, only something better 3) except console, where anyone should be able to login without any password (granted, I only have two users, root and jay)

Re: password-less console-only access and ssh remote access?

On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: > My ideal setup would be: > 1) no passwords ("*" in /etc/passwd or via vipw) > 2) only ssh for remote access >i.e. no password-based security, only something better > 3) except console, where anyone should be able to login > wit

Re: password-less console-only access and ssh remote access?

> You can get almost the same thing by setting "PasswordAuthentication" to "no" > in your sshd_config file, and hand out empty or ridiculously simple passwords > for the console (honestly, who would forget "yermomsawhore" as a password?). How do I limit their use to the console? If say I ssh in

Re: password-less console-only access and ssh remote access?

On Fri, Oct 22, 2010 at 1:01 PM, Jay K wrote: >> You can get almost the same thing by setting "PasswordAuthentication" to > "no" >> in your sshd_config file, and hand out empty or ridiculously simple > passwords >> for the console (honestly, who would forget "yermomsawhore" as a > password?). > >

Re: password-less console-only access and ssh remote access?

On Fri, Oct 22, 2010 at 10:01:17AM +, Jay K wrote: > > You can get almost the same thing by setting "PasswordAuthentication" to > "no" > > in your sshd_config file, and hand out empty or ridiculously simple > passwords > > for the console (honestly, who would forget "yermomsawhore" as a > passw

Re: password-less console-only access and ssh remote access?

able to su/sudo, but they can still login. Right? So I'm back to the earlier point. Thanks, - Jay > Date: Fri, 22 Oct 2010 13:11:44 +0300 > Subject: Re: password-less console-only access and ssh remote access? > From: tomas.bod...@gmai

Re: password-less console-only access and ssh remote access?

able to su/sudo, but they can still login. Right? So I'm back to the earlier point. Thanks, - Jay > Date: Fri, 22 Oct 2010 13:11:44 +0300 > Subject: Re: password-less console-only access and ssh remote access? > From: tomas.bod...@gmai

Re: password-less console-only access and ssh remote access?

> Turn off sudo and don't put users you don't want to have root in the > wheel group. > > I find what you want to be questionable though. But can't they still run "login"? Why questionable? I want security and convenience. I don't consider passwords to be either. physical security + ssh is what I

Re: password-less console-only access and ssh remote access?

I believe you can do something like this. but I see it not really making you more secure, still questionable sed s/secure/insecure/g /etc/ttys >> /tmp/temp; mv /tmp/temp /etc/ttys Mark On Fri, Oct 22, 2010 at 3:56 PM, Jay K wrote: > > Turn off sudo and don't put users you don't want t

Re: password-less console-only access and ssh remote access?

su/sudo, but they can still > login. > Right? So I'm back to the earlier point. > > Thanks, > B - Jay > > -------------------- >> Date: Fri, 22 Oct 2010 13:11:44 +0300 >> Subject: Re: password-less console-only access and ssh remote access? &g

Re: password-less console-only access and ssh remote access?

> > If I chroot then I can't do much at all right? > > Unless I replicate/link like the entire system, minus login. > > You sai'd that you want to limit them, not I. I just don't want them to be able to login as root. And I don't want a password for root. If they are on the console though, ok

Re: password-less console-only access and ssh remote access?

On Fri, Oct 22, 2010 at 11:53 PM, Jay K wrote: >> > If I chroot then I can't do much at all right? >> > Unless I replicate/link like the entire system, minus login. >> >> You sai'd that you want to limit them, not I. > > > I just don't want them to be able to login as root. > B And I don't want a

Re: password-less console-only access and ssh remote access?

On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: > On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: > > My ideal setup would be: > > 1) no passwords ("*" in /etc/passwd or via vipw) > > 2) only ssh for remote access > >i.e. no password-based security, only something b

Re: password-less console-only access and ssh remote access?

On 10/22/2010 09:43 AM, Joachim Schipper wrote: On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: My ideal setup would be: 1) no passwords ("*" in /etc/passwd or via vipw) 2) only ssh for remote access i.e. no pass

Re: password-less console-only access and ssh remote access?

On Tue, Oct 26, 2010 at 04:24:04AM -0700, Russell wrote: > On 10/22/2010 09:43 AM, Joachim Schipper wrote: > >On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: > >>On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: > >>>My ideal setup would be: > >>> 1) no passwords ("*" in /e

Re: password-less console-only access and ssh remote access?

On Tue, Oct 26, 2010 at 8:24 AM, Joachim Schipper < joac...@joachimschipper.nl> wrote: > On Tue, Oct 26, 2010 at 04:24:04AM -0700, Russell wrote: > > On 10/22/2010 09:43 AM, Joachim Schipper wrote: > > >On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: > > >>On Thu, Oct 21, 2010 at