Make password expiration configurable + a switch to turn off password access if key is present #534
Comments
These two things are not really related. We can't make SFTP optional, because it is a part of SSH, just with an extra wrapper. Do you suggest a configurable password expiration perhaps?
Yes, configurable password expiry would work, I think.
We could also add a switch to disable password access for accounts if SSH keys are detected, because you need the password first anyway. It would be enough to use the "passwd" command to restore password-based access for an account temporarily, though.
That would be great if there was a way to stop passwords being initially created (which was how it worked last time I installed using BOA).
It never worked w/o passwords and you always need password access first for all non-root users.
As an extra note, as the root user I have previously been disabling password-based login before I execute the barracuda install, as well as adding keys for the aegir user (based on the Barracuda install).
We need an approach which is good for most users and not just for a specific use case.
Sure, I get that.
Disabling password access may be dangerous because sometimes a firewall may prevent you from logging in from the machine that has the key, and the only way to unblock is to log in from some other machine/IP with a password. The same problem may occur if your own machine becomes problematic, for instance if the only place you had the key has a disk failure and your key is lost for good. Some automatic procedure may even prevent any other access, including root, which can usually be reset with some provider control panel, and leave you completely without administrative access. I am not sure how this can be pulled off safely and simply.
Is it possible to make the boa install only allow key-based login instead of setting up the SFTP server? And also disable the scheduled forced resetting of passwords (I generally don't use passwords at all).