Re: password-less console-only access and ssh remote access?

On 10/22/2010 09:43 AM, Joachim Schipper wrote: On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: My ideal setup would be: 1) no passwords (* in /etc/passwd or via vipw) 2) only ssh for remote access i.e. no

Re: password-less console-only access and ssh remote access?

On Tue, Oct 26, 2010 at 04:24:04AM -0700, Russell wrote: On 10/22/2010 09:43 AM, Joachim Schipper wrote: On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: My ideal setup would be: 1) no passwords (* in /etc/passwd or

Re: password-less console-only access and ssh remote access?

On Tue, Oct 26, 2010 at 8:24 AM, Joachim Schipper joac...@joachimschipper.nl wrote: On Tue, Oct 26, 2010 at 04:24:04AM -0700, Russell wrote: On 10/22/2010 09:43 AM, Joachim Schipper wrote: On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: On Thu, Oct 21, 2010 at 05:38:54PM

Re: password-less console-only access and ssh remote access?

On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote: On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: My ideal setup would be: 1) no passwords (* in /etc/passwd or via vipw) 2) only ssh for remote access i.e. no password-based security, only something better

Re: password-less console-only access and ssh remote access?

On Thu, Oct 21, 2010 at 05:38:54PM +, Jay K wrote: My ideal setup would be: 1) no passwords (* in /etc/passwd or via vipw) 2) only ssh for remote access i.e. no password-based security, only something better 3) except console, where anyone should be able to login without

Re: password-less console-only access and ssh remote access?

You can get almost the same thing by setting PasswordAuthentication to no in your sshd_config file, and hand out empty or ridiculously simple passwords for the console (honestly, who would forget yermomsawhore as a password?). How do I limit their use to the console? If say I ssh in as

Re: password-less console-only access and ssh remote access?

On Fri, Oct 22, 2010 at 1:01 PM, Jay K jay.kr...@cornell.edu wrote: You can get almost the same thing by setting PasswordAuthentication to no in your sshd_config file, and hand out empty or ridiculously simple passwords for the console (honestly, who would forget yermomsawhore as a

Re: password-less console-only access and ssh remote access?

On Fri, Oct 22, 2010 at 10:01:17AM +, Jay K wrote: You can get almost the same thing by setting PasswordAuthentication to no in your sshd_config file, and hand out empty or ridiculously simple passwords for the console (honestly, who would forget yermomsawhore as a password?).

Re: password-less console-only access and ssh remote access?

login. Right? So I'm back to the earlier point. Thanks, - Jay Date: Fri, 22 Oct 2010 13:11:44 +0300 Subject: Re: password-less console-only access and ssh remote access? From: tomas.bod...@gmail.com To: jay.kr...@cornell.edu CC: bret.lamb...@gmail.com

Re: password-less console-only access and ssh remote access?

login. Right? So I'm back to the earlier point. Thanks, - Jay Date: Fri, 22 Oct 2010 13:11:44 +0300 Subject: Re: password-less console-only access and ssh remote access? From: tomas.bod...@gmail.com To: jay.kr...@cornell.edu CC: bret.lamb...@gmail.com

Re: password-less console-only access and ssh remote access?

Turn off sudo and don't put users you don't want to have root in the wheel group. I find what you want to be questionable though. But can't they still run login? Why questionable? I want security and convenience. I don't consider passwords to be either. physical security + ssh is what I

Re: password-less console-only access and ssh remote access?

I believe you can do something like this. but I see it not really making you more secure, still questionable sed s/secure/insecure/g /etc/ttys /tmp/temp; mv /tmp/temp /etc/ttys Mark On Fri, Oct 22, 2010 at 3:56 PM, Jay K jay.kr...@cornell.edu wrote: Turn off sudo and don't put

Re: password-less console-only access and ssh remote access?

- Jay Date: Fri, 22 Oct 2010 13:11:44 +0300 Subject: Re: password-less console-only access and ssh remote access? From: tomas.bod...@gmail.com To: jay.kr...@cornell.edu CC: bret.lamb...@gmail.com; misc@openbsd.org On Fri, Oct 22, 2010 at 1:01 PM, Jay

Re: password-less console-only access and ssh remote access?

If I chroot then I can't do much at all right? Unless I replicate/link like the entire system, minus login. You sai'd that you want to limit them, not I. I just don't want them to be able to login as root. And I don't want a password for root. If they are on the console though, ok

Re: password-less console-only access and ssh remote access?

On Fri, Oct 22, 2010 at 11:53 PM, Jay K jay.kr...@cornell.edu wrote: If I chroot then I can't do much at all right? Unless I replicate/link like the entire system, minus login. You sai'd that you want to limit them, not I. I just don't want them to be able to login as root. B And I don't

password-less console-only access and ssh remote access?

My ideal setup would be: 1) no passwords (* in /etc/passwd or via vipw) 2) only ssh for remote access i.e. no password-based security, only something better 3) except console, where anyone should be able to login without any password (granted, I only have two users, root and jay)