Comment by sshine
14 hours ago
I only accept keys on non-standard SSH ports.
Less spam traffic, easier to access.
Rejecting passwords is just as much a convenience nowadays:
I just don't have passwords on my remote machines any more.
14 hours ago
I only accept keys on non-standard SSH ports.
Less spam traffic, easier to access.
Rejecting passwords is just as much a convenience nowadays:
I just don't have passwords on my remote machines any more.
Same here, PasswordAuthentication is globally No, but I always hold an special username for emergencies which is the only user allowed to login via password (easy at sshd_config file, Match User xxxx then "PasswordAuthentication yes"). Besides emergencies, also works wonders when some sysadmins insist to login via bare metal terminal and cannot use a key...
This has been my practice for 20+ years of running SSH, that and using Ansible to keep sshd hardened. https://github.com/dev-sec/ansible-collection-hardening/tree...