Viewing a response to: @r351574nc3/re-themarkymark-how-to-properly-setup-ssh-key-authentication-if-you-are-logging-into-your-server-with-root-you-are-doing-it-wrong-20180706t112615398z
I do the process in less than five minutes. If I can log in via the SSH key, I don't have to worry about the password authentication, nor do I care about it as it is being disabled. The entire time I have failbacks: * root login is still enabled until the final step * initial root login session is still connected * I have tested user login with key and sudo command functionality I see no problems doing it all at once, especially since it's done very quickly and the final test will verify everything and nothing is locked down until that is completed.
| author | themarkymark |
|---|---|
| permlink | re-r351574nc3-re-themarkymark-how-to-properly-setup-ssh-key-authentication-if-you-are-logging-into-your-server-with-root-you-are-doing-it-wrong-20180706t113308887z |
| category | sysadmin |
| json_metadata | {"tags":["sysadmin"],"app":"steemit/0.1"} |
| created | 2018-07-06 11:33:06 |
| last_update | 2018-07-06 11:33:24 |
| depth | 2 |
| children | 4 |
| last_payout | 2018-07-13 11:33:06 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 558 |
| author_reputation | 1,774,102,101,992,747 |
| root_title | "How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 63,646,203 |
| net_rshares | 0 |
> I do the process in less than five minutes. I'm glad you can. I was making the suggestion for others that want to attempt this that find it's an easier to troubleshoot process. It's a miniscule change since this process is unchanged with the exception of disabling root sooner. It's literally one extra step and not a big one.
| author | r351574nc3 |
|---|---|
| permlink | re-themarkymark-re-r351574nc3-re-themarkymark-how-to-properly-setup-ssh-key-authentication-if-you-are-logging-into-your-server-with-root-you-are-doing-it-wrong-20180706t132346969z |
| category | sysadmin |
| json_metadata | {"tags":["sysadmin"],"app":"steemit/0.1"} |
| created | 2018-07-06 13:23:45 |
| last_update | 2018-07-06 13:23:45 |
| depth | 3 |
| children | 3 |
| last_payout | 2018-07-13 13:23:45 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.077 HBD |
| curator_payout_value | 0.021 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 330 |
| author_reputation | 169,747,269,306,049 |
| root_title | "How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 63,657,921 |
| net_rshares | 49,638,656,091 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| salty-mcgriddles | 0 | 40,440,618,381 | 100% | ||
| exifr | 0 | 4,001,313,971 | 100% | ||
| exifr0 | 0 | 5,196,723,739 | 100% |
I agree, I just don't think the password is an issue if you are not locking things down until you verify SSH Key. The password auth is a moot point. Especially when keeping the original session open (which will persist even if you locked yourself out as long as you don't disconnect).
| author | themarkymark |
|---|---|
| permlink | re-r351574nc3-re-themarkymark-re-r351574nc3-re-themarkymark-how-to-properly-setup-ssh-key-authentication-if-you-are-logging-into-your-server-with-root-you-are-doing-it-wrong-20180706t132555992z |
| category | sysadmin |
| json_metadata | {"tags":["sysadmin"],"app":"steemit/0.1"} |
| created | 2018-07-06 13:25:54 |
| last_update | 2018-07-06 13:25:54 |
| depth | 4 |
| children | 2 |
| last_payout | 2018-07-13 13:25:54 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.052 HBD |
| curator_payout_value | 0.010 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 286 |
| author_reputation | 1,774,102,101,992,747 |
| root_title | "How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 63,658,137 |
| net_rshares | 31,684,772,979 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| r351574nc3 | 0 | 31,684,772,979 | 100% |
| author | garudi |
|---|---|
| permlink | re-themarkymark-re-r351574nc3-re-themarkymark-re-r351574nc3-re-themarkymark-how-to-properly-setup-ssh-key-authentication-if-you-are-logging-into-your-server-with-root-you-are-doing-it-wrong-20180708t205331444z |
| category | sysadmin |
| json_metadata | {"tags":["sysadmin"],"app":"steemit/0.1","community":"busy"} |
| created | 2018-07-08 20:53:33 |
| last_update | 2019-03-25 19:48:21 |
| depth | 5 |
| children | 0 |
| last_payout | 2018-07-15 20:53:33 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 1 |
| author_reputation | 11,121,884,448,559 |
| root_title | "How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 63,943,046 |
| net_rshares | -179,092,499,360 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| ipromote | 0 | -179,211,449,644 | -2% | ||
| godawfulartist | 0 | 118,950,284 | 100% |
I guess it's just a separation of concerns. 1. Setup Admin Account 1. Setup Auth Key This way if users have problems, they are isolated to what they're working. For example, if there's an issue disabling root, it can be caught early before moving on to key setup. Users aren't left wondering what went wrong. IMHO, due to the separation of concerns, having a continuous login isn't necessary. Once `sudo` is setup, root login is disabled, and ssh with pw login is still working, then it's safe to have a new session and the user is able to make changes that require `root` access as they need. At this point, the rest of the instructions are only related the pub/priv key auth. We are confident `sudo` is setup correctly with an admin account. Any problems from this point forward will be related to key setup alone. The key to managing the setup in discrete pieces lies in disabling root sooner. > Especially when keeping the original session open (which will persist even if you locked yourself out as long as you don't disconnect). IMHO, this is only helpful at step 1. However, once the admin account is setup, the user can connect/reconnect and execute commands as logged in as root. At some point `sshd -T` needs to be run to test the configruation. A typo will easily ruin your day. In one case, you run into it sooner and can assume it's not a problem with key setup. In the other case, it could be a problem with either admin user setup or key setup.
| author | r351574nc3 |
|---|---|
| permlink | re-themarkymark-re-r351574nc3-re-themarkymark-re-r351574nc3-re-themarkymark-how-to-properly-setup-ssh-key-authentication-if-you-are-logging-into-your-server-with-root-you-are-doing-it-wrong-20180706t135500170z |
| category | sysadmin |
| json_metadata | {"tags":["sysadmin"],"app":"steemit/0.1"} |
| created | 2018-07-06 13:55:00 |
| last_update | 2018-07-06 13:55:00 |
| depth | 5 |
| children | 0 |
| last_payout | 2018-07-13 13:55:00 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.073 HBD |
| curator_payout_value | 0.021 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 1,468 |
| author_reputation | 169,747,269,306,049 |
| root_title | "How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!" |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 63,661,566 |
| net_rshares | 47,546,553,564 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| salty-mcgriddles | 0 | 38,724,955,783 | 100% | ||
| exifr | 0 | 3,827,343,798 | 100% | ||
| exifr0 | 0 | 4,994,253,983 | 100% |
hiveblocks