I made a small tutorial on how to set up key authentication with an OpenBSD server.
#openbsd #vps
https://www.graslander.online/index.php/disable-password-authentication-for-openssh/
Conversation
Notices
-
Embed this notice
Graslander (graslander@mastodon.social)'s status on Monday, 18-Nov-2024 06:02:54 JST 
Graslander
-
Embed this notice
Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 18-Nov-2024 06:02:53 JST 
Solène :flan_hacker:
@graslander at first, I thought you wrote about setting up a PKI on OpenBSD
As you use keys to authenticate clients, you still rely on TOFU when connecting to the server, you have two solutions to solve this:
- use SSH certificates to authenticate both clients and servers
- use SSHFP DNS entriesI covered the second system if you are interested https://dataswamp.org/~solene/2023-08-05-sshfp-dns-entries.html
-
Embed this notice
Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 18-Nov-2024 07:40:53 JST
Solène :flan_hacker:
@mischa @graslander I never thought doing it this way :flan_aww:
-
Embed this notice
Mischa 🐡😎 (mischa@exquisite.social)'s status on Monday, 18-Nov-2024 07:40:54 JST 
Mischa 🐡😎
@graslander nice! Changing the settings in rc.conf.local might be even easier:
# rcctl set sshd flags -o PasswordAuthentication=no
-
Embed this notice
Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 18-Nov-2024 18:24:47 JST
Solène :flan_hacker:
@joel @mischa @graslander on systemd you can override the service to change the ExecStart property to add arguments to it
-
Embed this notice
Joel Carnat ♑ 🤪 :runbsd: (joel@piou.foolbazar.eu)'s status on Monday, 18-Nov-2024 18:24:48 JST 
Joel Carnat ♑ 🤪 :runbsd:
@solene @mischa neither did I.
I keep editing the config file. Probably because that works on every OS.I wonder if/how that would work with SystemD based stuff.
-
Embed this notice
All GNU social JP content and data are available under the