Proposal to add a DisableAuthentication option to sshd ServerOptions
Martin Hecht
martin.hecht at hlrs.de
Fri Jun 28 20:22:11 AEST 2024
On 28/06/2024 01:26, Jochen Bern wrote:
> If pinpointing and templating the relevant accounts in the above way
> works out, there's no need to implement a kill switch for a security
> mechanism in sshd, to fiddle with PAM, or even to run a second,
> non-public sshd on a different port, the clients and servers would
> simply *happen* to have passwordless logins in(to) the "safe area"
> configured and ready to go as they're created off their respective
> templates.
Maybe even simpler: HostbasedAuthentication could do the trick for
unprivileged user accounts within such a controlled environment.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5924 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240628/aad2965a/attachment-0001.p7s>
More information about the openssh-unix-dev
mailing list