💾 Archived View for rawtext.club › ~sloum › geminilist › 001686.gmi captured on 2020-09-24 at 01:43:03. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
jes j3s at c3f.net
Mon Jun 15 03:26:45 BST 2020
- - - - - - - - - - - - - - - - - - -
On 6/14/20 8:31 PM, Matthew Graybosch wrote:
On Sun, 14 Jun 2020 15:34:08 -0500
I've also seen some forum posts suggesting that I can disable password
authentication for all users by default, and then allow exceptions for
particular users. This might help me harden Tanelorn without making
things harder for less-skilled users who haven't gotten the hang of
generating a ssh key and copying it yet.
Up to you! In my mind turning password auth is priority number one - but since you have users who could be confused by it, it's up to you and your own risk tolerance.
If any of these users are able to switch to the root user or similar, I'd say that you must disable password auth now regardless of what your users prefer.
You may consider setting MaxAuthTries to a reasonable value (say, 3 or 4) which will lock user accounts that fail password auth that many times.
j3s