...
| Code Block | ||
|---|---|---|
| ||
# Since this is a critical file, back it up first. sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.2011-02-12.v0.0.tinpham_about_to_disable_password_auth.bck # Load the file in your favourite editor. sudo vi /etc/ssh/sshd_config |
Adjust We can modify sshd_config quickly using sed,
| Code Block | ||
|---|---|---|
| ||
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config |
Changes the following,
| Code Block | ||
|---|---|---|
| ||
# Change to no to disable tunnelled clear text passwords #PasswordAuthentication yes |
Remove the comment Uncomment and change yes to no. It should look like this,
...
The Permission denied indicates that password authentication is now disabled.
Key Compromise
...
Strategies
Reusing Public Keys Across Machines
You can actually reuse public keys across machines. With this approach, you only need to keep track of one private key per user. Of course, this also means if your private key is compromised all your systems are accessible with the one key.
Key Compromise
- ... revoking keys
- ... strategies for centralizing key management and then also pitfalls
- ... is it possible to force password protected private keys
Resources
http://www.ibm.com/developerworks/library/l-keyc.html - pretty good article, I think I can improve it, shorter, clearly show when running on client or server.
...