Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Secure My VPS guide doesn't contain full instructions to disable password logins #4595

Open
rxall opened this issue May 7, 2023 · 1 comment
Open

Secure My VPS guide doesn't contain full instructions to disable password logins #4595

rxall opened this issue May 7, 2023 · 1 comment

Comments

@rxall
Copy link

rxall commented May 7, 2023

By default on a fresh ubuntu VPS install, Include /etc/ssh/sshd_config.d/*.conf (L12) is included within /etc/ssh/sshd_config.

/etc/ssh/sshd_config.d/50-cloud-init.conf contains the setting PasswordAuthentication Yes

This overrides the setting within /etc/ssh/sshd_config

A user following the Secure My VPS guide step by step won't actually be disabling password logins where the guide would lead them to believe they have.

docs/pages/cloud/vps/secure_your_vps/guide.en-us.md

Line 149 in 6187a1f

Afterwards, connections to your server via root user (`ssh root@IPv4_of_your_VPS`) will be rejected.

@CompeyDev
Copy link

Please consider fixing this. I spent 20 minutes confused as to why I was still able to authenticate using password (using ssh flags -o PreferredAuthentications=password -o PubkeyAuthentication=no) after disabling it in sshd_config.

This is pretty misleading documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rxall @CompeyDev