On 09-02-18 01:28, Philip Prindeville wrote: > From: Philip Prindeville <phil...@redfish-solutions.com> > > Allowing password logins leaves you vulnerable to dictionary > attacks. We disable password-based authentication, limiting > authentication to keys only which are more secure. > > Note: You'll need to pre-populate your image with some initial > keys. To do this: > > 1. Create the appropriate directory as "mkdir -p files/root/.ssh" > from your top-level directory; > 2. Copy your "~/.ssh/id_rsa.pub" (or as appropriate) into > "files/root/.ssh/authorized_keys" and indeed, you can collect > keys from several sources this way by concatenating them; > 3. Set the permissions on "authorized_keys" to 644 or 640. > > NAK. This is going to bite people. It takes much more time and effort to recover from a device you can no longer access due to this change, than to manually disable password authentication in OpenSSH.
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev