Skip to content

common: SSH only login #90

New issue
New issue
Open
Open
common: SSH only login#90
Assignees
JGoutin
Labels
enhancementNew feature or requestfeatureNew featuresecurityRelated to security hardening
@JGoutin

Description

@JGoutin
JGoutin
opened on May 9, 2024

The aim is to add an option to allow admin user to login only using SSH with its key (No local console, ...). This is the common behavior on cloud servers.

Requirements:

  • Remove user password (passwd -d username)
  • Ensure user can still sudo once logged, the only solution that doesn't require enabling SSH agent forwarding is to disable password (Edit /etc/sudoers to add username ALL=(ALL) NOPASSWD:ALL at end of file).

Also, it is possible to restrict users allowed to use SSH by editing /etc/ssh/sshd_config and adding AllowUsers username.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestfeatureNew featuresecurityRelated to security hardening

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions