mailinabox icon indicating copy to clipboard operation
mailinabox copied to clipboard

Published 20 hours ago verified publisher icon mail-in-a-box

Check if we can disable ssh password authentication

Open yodax opened this issue 8 years ago • 9 comments

This PR will disable password based login via ssh only if the user that logged in:

  • Is using an ssh connection
  • Used a public key to authenticate
  • The user still has that key in authorized_keys

This way we can be certain that the user can access the system without a password.

This was tested by a user directly logged in via root using an pub key and a user using a pub key and then using sudo to start the install.

yodax avatar Mar 28 '16 05:03 yodax

Good call 🚀 Makes setting up an machine much easier - so i do not have to edit the ssh config 😉

aspdye avatar Apr 09 '16 11:04 aspdye

This is a great idea but I find it pretty scary to have it automatically fire. (me, I don't disable passwords until I have at least 2 keys that can log in)

Maybe allow it to be enabled and disabled from the admin console?

Passwords are a big security issue and manually editing sshd_conf is a hassle... I do hope something like this can be merged.

bronson avatar Sep 18 '16 06:09 bronson

Maybe allow it to be enabled and disabled from the admin console?

It would be hard to check from the admin console if the key was still working. This PR makes sure that you can still login with a key.

yodax avatar Sep 18 '16 06:09 yodax

I hear that. I like the idea, I'm just uncomfortable with this happening behind my back. Especially if only a single key is configured.

Maybe it could be in a script? Say, management/ssh_disable_password_auth

Then the warning in status_checks.py could read: Add your SSH public key to $HOME/.ssh/authorized_keys and then run 'sudo management/ssh_disable_password_auth'

bronson avatar Sep 18 '16 08:09 bronson

or sudo management/ssh_password_auth disable and sudo management/ssh_password_auth enable. Hoping someone can come up with a better idea.

bronson avatar Sep 18 '16 08:09 bronson

I can live with a separate script. I do think it is better to do it during setup or at the very least ask to do it immediately when all the conditions are met.

We should either enforce or strongly encourage and assist the user in changing this setting.

yodax avatar Sep 18 '16 08:09 yodax

We should either enforce or strongly encourage and assist the user in changing this setting.

Completely agree. The fat red X in the status check is currently some encouragement.

But the user also needs to understand how incredibly important their ssh key has become. Lose it and, at some ISPs (especially dedicated hosts), you get to re-image the box and restore from backup.

That's why I think this needs to be deliberate and explicit. Not just a [y/n] question that can be fat-fingered.

bronson avatar Sep 18 '16 08:09 bronson

I do think that asking questions/adding options conflicts with @JoshData line with keeping it simple.

If it's not desirable to do it automatically, I like @bronson option to mention a separate script in the status best. It wouldn't be a lot of work to change and we can still guarantee that the user still can login. Perhaps display some information on key safety.

(To be honest, I'm more likely to loose a pasword than my key)

yodax avatar Sep 18 '16 08:09 yodax

Hi @yodax

This PR is > 7 years old. It is something you still want to achieve? If so, would you like to rebase with the latest master and raise the remaining tasks, or else archive this PR?

We understand that you have invested some time in this and appreciate the efforts. But at the same time, we'd like to tidy up this repository. Thank you for your understanding.

binarykitchen avatar Aug 25 '23 23:08 binarykitchen