Hi,
On 6.6-STABLE, I'm looking at security(8) and it's not immediately
obvious to me how I can have an SSH key-only user who does not have a
password, that also does not trigger daily security warnings.
The goal is to have a user that can never log in on the console, or via
password any other way (FTP, SMTP auth, POP, etc., etc.), but only via
the RSA key provided.
Is there a way to placate security(8) that I'm just not seeing? Or is
my goal fundamentally misguided for some reason I'm not seeing? The
user in this case is semi-trusted (e.g. yes, we'll let you login using
an unprivileged account to run bgpctl in pipelines) but not
organizationally-trusted (i.e. but that's ALL we want you to do on this
system).
Thanks,
-Adam
- password-less user (without bothering security(8))? Adam Thompson
-
