Hacker News new | past | comments | ask | show | jobs | submit login

`PermitRootLogin = without-password` in /etc/ssh/sshd_config

Same thing for non-root: `AuthenticationMethods = publickey`

And when buying a router, buy something that will get regular security updates, or where you can put OpenWRT.




From openssh 7.0 release notes:

  * PermitRootLogin=without-password/prohibit-password now bans all
    interactive authentication methods, allowing only public-key,
    hostbased and GSSAPI authentication (previously it permitted
    keyboard-interactive and password-less authentication if those
    were enabled).
It mentions that previously without-password it would still allow keyboard-interactive logins. Should be fairly easy to fake for a botnet!


I still prefer "PermitRootLogin=no".


However unrealistic it is, I still wish that open source Projects would agree on what to call things.

The /etc/sudoers NOPASSWD and sshd without-password sound like the same thing, but are far from that.

I feel like they could have named it better.


Sudoers NOPASSWD means you don't have to type the password for that feature. Sshd without-password means passwords are disabled. Not the same thing.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: