You are not logged in.
Pages: 1
When "PermitRootLogin without-password" is enable this only allows logins with RSA right ? Just want to make sure. Thanks.
Last edited by TuxLyn (2012-03-15 22:09:39)
::: Using Arch Linux Since October 25, 2011 :::
::: Tutorials: http://distrogeeks.com/ :::
Offline
That will disable password authentication for the root user indeed (and hence only allowing keybased auth if you've set that up).
Burninate!
Offline
Yeah that what I wanted to make sure. That it will only disable root password for RSA key authentication and not for any remote user who is trying to connect to it via ssh root@server. Unless I'm missing something... Any one else can confirm this ? Thanks.
Last edited by TuxLyn (2012-03-15 21:59:27)
::: Using Arch Linux Since October 25, 2011 :::
::: Tutorials: http://distrogeeks.com/ :::
Offline
That'll only affect the root user indeed. For the "normal" users; it's the "PasswordAuthentication" value that decides that.
Burninate!
Offline
Alright thanks Gcool. Here is my wiki page at http://wiki.gotux.net/config/ssh if any one else is interested to configure this.
Last edited by TuxLyn (2012-03-15 22:51:59)
::: Using Arch Linux Since October 25, 2011 :::
::: Tutorials: http://distrogeeks.com/ :::
Offline
Sidenote: I strongly reccomend disabeling root login totally, for obvious reasons. (and only allow key logins for users)
Evil #archlinux@libera.chat channel op and general support dude.
. files on github, Screenshots, Random pics and the rest
Offline
@Mr.Elending, yeah I thought about that. How secure is RSA keys to use it with root ?
::: Using Arch Linux Since October 25, 2011 :::
::: Tutorials: http://distrogeeks.com/ :::
Offline
Not allowing root login over ssh at all and using keys for users is my preferred way of working as well. How secure this setup is will basically depend on 2 things:
1) The used encryption algorithm and keylength when generating your keypair (RSA 2048bit is the default used by ssh-keygen, so you're pretty good in that aspect).
2) Your own ability to keep your private key "private" (making sure your (clientside) box is secure noone else has access to it).
Burninate!
Offline
Pages: 1