1

I need a maintenance user which only requires a remote login. I'll preferably use only public keys to log in to the account.

I thought of just creating the user with useradd myuser, later adding the required public keys to its authorized_hosts file.

useradd disables the password by default. Do I still need to run passwd -l myuser to lock it?

Any drawbacks here?

1 Answer

2

Yes, there are some drawbacks here. You are using password-less authentication to increase security, since giving a password will be a second door to log in to your system. So in

/etc/ssh/sshd_config


PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
ChallengeResponseAuthentication no
GSSAPIAuthentication no

These changes will only authenticate with the public key; it will not ask for a password in any case. This will be a good security procedure to secure remote logins.

2
  • Thanks for your reply, @Ruban. I'm aware of the sshd PasswordAuthentication no config line, but it would apply globally, and I still require some users to use a password during remote login. Given this scenario, do you find any other issue? Commented Sep 3, 2014 at 8:23
  • If that is your case then what you have done is good @el.atomo. There would be no issues. Commented Sep 3, 2014 at 8:38
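
Added example, not part of the original posts: a shell check for the scenario in the comments, where password login stays enabled globally but the maintenance account should be key-only. It classifies the account's shadow(5) password field and looks for a per-user Match User block in sshd_config; the function names, the users other than myuser and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File contents below are constructed samples.

# Print the state of user $1's password field in shadow file $2 (default /etc/shadow).
pw_state() {
    field=$(awk -F: -v u="$1" '$1 == u { print $2; f = 1 } END { exit !f }' \
        "${2:-/etc/shadow}") || { echo "no-such-user"; return 1; }
    case "$field" in
        '')        echo "empty" ;;        # logs in with no password: never leave this
        '!'*|'*'*) echo "locked" ;;       # "!" from useradd, "*", or "!<hash>" after passwd -l
        *)         echo "password-set" ;; # a usable password hash
    esac
}

# Succeed if sshd_config $2 has a "Match User $1" block with "PasswordAuthentication no".
# Simplified: handles one user name per Match line, no patterns or Include files.
match_disables_password() {
    awk -v u="$1" '
        { k = tolower($1) }
        k == "match" { inblk = (tolower($2) == "user" && $3 == u); next }
        inblk && k == "passwordauthentication" && tolower($2) == "no" { ok = 1 }
        END { exit !ok }' "$2"
}

demo=$(mktemp -d)
cat > "$demo/shadow" <<'EOF'
myuser:!:16316:0:99999:7:::
alice:$6$SAMPLESALT$samplehash:16316:0:99999:7:::
carol:!$6$SAMPLESALT$samplehash:16316:0:99999:7:::
bob::16316:0:99999:7:::
EOF
cat > "$demo/sshd_config" <<'EOF'
PasswordAuthentication yes
Match User myuser
    PasswordAuthentication no
EOF

for u in myuser alice carol bob; do
    echo "$u: $(pw_state "$u" "$demo/shadow")"
done
match_disables_password myuser "$demo/sshd_config" && echo "myuser: key-only via Match block"
```

sshd(8) notes that what counts as a locked account is system dependent (a leading "!" on most Linuxes), so confirm that key login for the new account actually works after creating it.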
