Web lists-archives.com

Re: ssh




On 19/11/2018 02:46, Alan Taylor wrote:
Thanks Mike,

I was slowly coming to that conclusion !
What would be best practice regarding a password for that account (i.e. system account such as backuppc that needs ssh access but no shell access).

If I create the user with bash as the shell, I seem to have a few options:
1) don’t set a password (i.e. no reference to password in the adduer command). The man page says this results in the password being “disabled”. What does this actually mean for security ?
2) use —disabled-password (same as 1 above ?)
3) the —disabled-password option appears to be only available on debian. Redhat derivatives only offer useradd which does not have this switch ?

Which would be the most secure, while still allowing ssh access ?



Don't get too hung up on it all.

If the account needs login access then give it. Create or use an account with a shell of your choice and a secure password. You don't need to remember the password, as you are using keys, so it can be ridiculously secure. A standard user cant do much harm if you don't give it any more privileges than it needs.
-- 
Mike Howard