Is disabling password login for SSH the same as deleting the password for all users?
Posted
by
Arsham Skrenes
on Server Fault
See other posts from Server Fault
or by Arsham Skrenes
Published on 2013-10-30T07:42:42Z
Indexed on
2013/10/30
9:56 UTC
Read the original article
Hit count: 177
I have a cloud server with only a root user. I SSH to it using RSA keys only. To make it more secure, I wanted to disable the password feature. I know that this can be done by editing the /etc/ssh/sshd_config
file and changing PermitRootLogin yes
to PermitRootLogin without-password
. I was wondering if simply deleting the root password via passwd -d root
would be the equivalent (assuming I do not create more users or new users have their passwords deleted too). Are there any security issues with one approach verses the other?
© Server Fault or respective owner