SSH Key AND Password?


#1

From the Admin Panel: “The SSH server on this machine permits password-based login. A more secure way to log in is using a public key.”

Whether SSH keys or passwords are better for protection is certainly debatable, but is it possible to use both together for authentication? Password with SSH key as best practice may increase the security of MiaB. Of course, this is only a suggestion. Maybe it is already possible with MiaB?


#2

I would recommend that you do not allow password-based logins via ssh, and add a password to your ssh key when creating it.


#3

It is already possible, of course! However, it is something that you must configure yourself when setting up the server before (or after) installing MiaB.

I think that forcing this security on people when they install MiaB can create more problems than it would solve, considering that some people do not use public key authentication, do not know how to use it, or do not even know what it is.


#4

It’s not forced (hence it is only a warning message, not an error that stops MIAB from working).

That being said - you can use both SSH keys and passwords to authenticate. (SSH keys, like SSL Keys, are MUCH more secure than any amount of password you use. That being said, a long and complicated password is plenty safe for the average server / user (16-32 ch. long, e.g. d3YlG*eXuW36NYch7awnb2nd_Uh6UD7# DO NOT USE THIS, IT IS ONLY AN EXAMPLE).)


#5

I’m doing this very thing with a Yubikey for a second factor of authentication. The SSH login requires the key for authentication first (which is itself protected by a passphrase) and then requires my system password + yubikey OTP generated by the device.

I’d love to be able to make the warning go away for the sake of neatness, but I can live with it.


#6

If you are using public key authentication and want to turn off password login, then you need to do the following.

Note: do not disable password authentication until you have set up and tested at least one public key login; otherwise you will find yourself locked out of your server.

Log on to the server.

Type in sudo nano /etc/ssh/sshd_config
Scroll down to this line

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

Change it to:

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Then save it.

Finally run the following command

sudo restart ssh

Once you’ve done this the warning about password logins will be gone.
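
Added example, not part of any post in this thread: a small shell audit that reports which of the login policies discussed above an sshd_config enforces in its global section. The function names and policy labels are made up for illustration, keyboard-interactive/PAM settings are not inspected, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): classify the login policy of an sshd_config.

# Print the effective global value of KEYWORD. sshd keeps the FIRST value it
# reads, keywords are case-insensitive, and a "#" line is only a comment.
# Scanning stops at the first Match block because those settings are conditional.
sshd_option() {  # usage: sshd_option FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        { gsub(/=/, " ") }                    # "Keyword=value" is also accepted
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^ +/, ""); print tolower($0); found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

login_policy() {  # usage: login_policy FILE  (labels are hypothetical)
    pw=$(sshd_option "$1" PasswordAuthentication yes)
    pk=$(sshd_option "$1" PubkeyAuthentication yes)
    am=$(sshd_option "$1" AuthenticationMethods any)
    if [ "$pw" = no ] && [ "$pk" = no ]; then echo lockout-risk; return; fi
    key_plus=yes  # does every allowed method list demand a key AND another step?
    for list in $am; do
        case ",$list," in
            *,publickey,*,* | *,*,publickey,*) ;;
            *) key_plus=no ;;
        esac
    done
    if [ "$key_plus" = yes ]; then echo key-plus-second-step
    elif [ "$pw" = no ]; then echo key-only
    else echo password-allowed; fi
}

# Constructed sample: the relevant lines after the edit described in post #6.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
#PasswordAuthentication yes
UsePAM yes
EOF
echo "policy: $(login_policy "$sample")"
rm -f "$sample"
```

On a real server, `sudo sshd -t` checks the edited file for syntax errors before the service is restarted.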

