←back to thread

66 points todsacerdoti | 2 comments | | HN request time: 0.6s | source
Show context
yjftsjthsd-h ◴[] No.41910374[source]
You should always verify that SSH password auth is actually off; run

  ssh -v myserver : 2>&1 | grep continue
and ensure that it only gives "publickey"!

(A surprising number of VPSs will re-enable passwords in a .d config file. And really, even if you've checked for that, the extra 10 seconds to make sure is worth it.)

replies(2): >>41910475 #>>41919948 #
1. remram ◴[] No.41910475[source]
Good advice. Another option:

  ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no myserver
replies(1): >>41915881 #
2. LinuxBender ◴[] No.41915881[source]
And from the server itself. Some versions won't allow this command without also creating a prevsep directory e.g. mkdir /run/sshd if sshd is not set to automatically start.

    sshd -T | grep -i pas
    passwordauthentication yes
    permitemptypasswords yes
I permit this intentionally for my own reasons on my publicly accessible servers.