SSH with key only

#1

Is it wise, doable and advisable to deny ssh login with passwords and disable admin login?

I’d like to add an extra layer of security by only allowing ssh login verification by ssh-keys and a user other than the default admin.

But is this advisable? Or might Yunohost behave erratically if I do that?
If so, what is the best way to achieve this?

Thnx!

#2

It is doable and probably recommended (basically we don’t do this “by default” because it’s a whole mess to understand how to use keys for newcomers in the server world, rather than simply password - considering they’re already learning quite a lot of things)

You may simply edit /etc/ssh/sshd_config with the appropriate options. Just be aware that this configuration file then won’t be managed by YunoHost and you won’t automatically benefit from possible improvements in it …

So you may keep an eye on the upgrade logs which might say something like “YunoHost wanted to update the file /etc/ssh/sshd_config but it was manually modified”. In which case, you can see the differences by running yunohost tools regen-conf ssh --dry-run -d (in 3.6, not yet released, otherwise it’s yunohost service regen-conf)

1 Like
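
Added example (not from the posts above and not YunoHost's own tooling): the reply does not name the sshd_config options, so this script assumes the standard OpenSSH keywords PasswordAuthentication, KbdInteractiveAuthentication / ChallengeResponseAuthentication, PubkeyAuthentication, AllowUsers and DenyUsers, and checks a config file for key-only login with the default admin account blocked. The user name alice and the sample config are constructed.

```sh
#!/bin/sh
# Added example (not YunoHost code): static check of an sshd_config-style file
# for key-only login. Limits: Include files, Match blocks and user patterns
# (wildcards, user@host) are not evaluated; on a live host compare with `sshd -T`.

# values FILE KEYWORD: print every global value of KEYWORD, one per line.
# Keywords are case-insensitive; parsing stops at the first Match block.
values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# For most keywords sshd keeps the first value it reads.
first_value() { values "$1" "$2" | head -n 1; }

# has_user LIST USER: succeed if USER is a literal entry in the space-separated LIST.
has_user() { case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac; }

# audit_key_only FILE USER: return 0 only if password logins are off, keys are
# on, and USER (e.g. the default admin account) cannot log in over SSH.
audit_key_only() {
    file=$1; user=$2; rc=0
    [ "$(first_value "$file" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no' (default is yes)"; rc=1; }
    # Keyboard-interactive (often PAM) can still prompt for a password.
    kbd=$(first_value "$file" KbdInteractiveAuthentication)
    [ -n "$kbd" ] || kbd=$(first_value "$file" ChallengeResponseAuthentication)
    [ "$kbd" = "no" ] ||
        { echo "FAIL: keyboard-interactive authentication is not 'no'"; rc=1; }
    [ "$(first_value "$file" PubkeyAuthentication)" != "no" ] ||
        { echo "FAIL: PubkeyAuthentication is 'no'"; rc=1; }
    # AllowUsers/DenyUsers lines accumulate, so join all of them.
    allow=$(values "$file" AllowUsers | tr '\n' ' ')
    deny=$(values "$file" DenyUsers | tr '\n' ' ')
    if ! has_user "$deny" "$user" && { [ -z "$allow" ] || has_user "$allow" "$user"; }; then
        echo "FAIL: user '$user' is still allowed to log in"; rc=1
    fi
    return $rc
}

# Constructed sample: password prompts disabled, only 'alice' may log in.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'UsePAM yes' 'AllowUsers alice' > "$sample"
audit_key_only "$sample" admin && echo "OK: key-only, admin blocked"
rm -f "$sample"
```

After editing the real file, validate it with sshd -t before reloading, and keep the current session open until a key-based login works in a second one.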