(www.kkyri.com)

66 points todsacerdoti | 2 comments | 22 Oct 24 00:52 UTC | HN request time: 0.6s | source

Show context

yjftsjthsd-h ◴[22 Oct 24 01:46 UTC] No.41910374[source]▶

>>41910124 (OP) #

You should always verify that SSH password auth is actually off; run

  ssh -v myserver : 2>&1 | grep continue

and ensure that it only gives "publickey"!

(A surprising number of VPSs will re-enable passwords in a .d config file. And really, even if you've checked for that, the extra 10 seconds to make sure is worth it.)

replies(2): >>41910475 #>>41919948 #

1. remram ◴[22 Oct 24 02:06 UTC] No.41910475[source]▶

>>41910374 #

Good advice. Another option:

  ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no myserver

replies(1): >>41915881 #

2. LinuxBender ◴[22 Oct 24 16:20 UTC] No.41915881[source]▶

>>41910475 (TP) #

And from the server itself. Some versions won't allow this command without also creating a prevsep directory e.g. mkdir /run/sshd if sshd is not set to automatically start.

    sshd -T | grep -i pas
    passwordauthentication yes
    permitemptypasswords yes

I permit this intentionally for my own reasons on my publicly accessible servers.

↑

How to secure your new VPS: a step-by-step guide