SSH with key only


Is it wise, doable and advisable to deny ssh login with passwords and disable admin login?

I’d like to add an extra layer of security by only allowing ssh login verification by ssh-keys and a user other than the default admin.

But is this advisable? Or might Yunohost behave erratically if I do that?
If so, what is the best way to achieve this?



It is doable and probably recommended (basically we don’t do this “by default” because it’s a whole mess to understand how to use keys for newcomers in the server world, rather than simply a password - considering they’re already learning quite a lot of things).

You may simply edit /etc/ssh/sshd_config with the appropriate options. Just be aware that this configuration file then won’t be managed by YunoHost and you won’t automatically benefit from possible improvements in it …

So you may keep an eye on the upgrade logs, which might say something like “YunoHost wanted to update the file /etc/ssh/sshd_config but it was manually modified”. In which case, you can see the differences by running yunohost tools regen-conf ssh --dry-run -d (in 3.6, not yet released, otherwise it’s yunohost service regen-conf)

1 Like
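After editing /etc/ssh/sshd_config as the reply suggests, it is worth checking what sshd will actually enforce. The script below is an added example, not part of the thread and not YunoHost code: it audits `sshd -T` style output for key-only login and for the `admin` account from the question being shut out. The function names and both sample inputs are constructed for illustration.

```shell
# Added example: audit effective sshd settings for key-only login.
# Input is `sshd -T` output (one lowercase keyword per line).
# Real use on a server:  sshd -T | audit_sshd admin

# get_opt KEYWORD TEXT: print the value(s) of KEYWORD found in TEXT.
get_opt() {
  printf '%s\n' "$2" | awk -v k="$1" \
    'tolower($1) == k { $1 = ""; sub(/^ +/, ""); print }'
}

# has_user USER LIST: succeed if USER is an exact entry in LIST.
# Simplification: glob and user@host patterns are not interpreted.
has_user() { printf '%s\n' "$2" | tr ' ' '\n' | grep -qxF "$1"; }

# audit_sshd USER: config text on stdin; prints one FAIL line per
# problem and returns non-zero if any check fails.
audit_sshd() (
  user=$1; conf=$(cat); fails=0
  fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
  [ "$(get_opt passwordauthentication "$conf")" = no ] ||
    fail "PasswordAuthentication is not 'no'"
  # Keyboard-interactive can still prompt for a password through PAM;
  # older OpenSSH releases name it ChallengeResponseAuthentication.
  kbd=$(get_opt kbdinteractiveauthentication "$conf")
  [ -n "$kbd" ] || kbd=$(get_opt challengeresponseauthentication "$conf")
  [ "$kbd" = no ] || fail "keyboard-interactive authentication is not 'no'"
  [ "$(get_opt pubkeyauthentication "$conf")" = yes ] ||
    fail "PubkeyAuthentication is not 'yes' (risk of lockout)"
  # USER is shut out if named in DenyUsers, or if an AllowUsers list
  # exists and does not name it.
  allow=$(get_opt allowusers "$conf")
  if has_user "$user" "$(get_opt denyusers "$conf")"; then :
  elif [ -n "$allow" ] && ! has_user "$user" "$allow"; then :
  else fail "user '$user' can still log in"
  fi
  [ "$fails" -eq 0 ]
)

# Constructed sample inputs in `sshd -T` style (not from a real server).
PARTIAL='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes'
HARDENED='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
denyusers admin'

printf '%s\n' "$PARTIAL" | audit_sshd admin || echo "PARTIAL: not key-only"
printf '%s\n' "$HARDENED" | audit_sshd admin && echo "HARDENED: ok"
```

Run the audit from a session you keep open, and confirm a key-based login as the non-admin user in a second session before closing the first.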