SSH Keys: password != ch@ng3m3

I always knew I loved SSH keys. Often, my love was for the convenience factor and that warm feeling you get from authenticating with 1024 bits of encryption goodness. But tonight I’m marveling at the simple setup beauty these babies can give any Unix/Linux sysadmin. Most of us have at some point had to play the role of setting up the FNG on the shared Linux box. We create the account, then email them some version of their password and hope they actually log in at some point to change it. Any brute-force password list worth its weight in electrons has a few versions of the famous “ChangeM3” password. I’ve also been hesitant to ever disable password authentication in my sshd_config since I thought I’d have to flip it back on any time there is a new user.

From this ugliness comes my new reason to love SSH keys. Let’s change the policy for creating new accounts to require that your noob first sends you an SSH public key (send them off to get PuTTYgen if they don’t already have one). Remember, this is their public key, so it’s totally cool for it to be sent in clear text, or simply posted on the internet. Now, as the sysadmin, add their account and drop their public key into their .ssh/authorized_keys file.

What does this solve? No more login passwords in clear text over email or IM. No more worrying about the FNG changing their password. No more brute-force SSH concerns. And for an extra bonus, if I’m the FNG, I now have one less password to remember, because before I was setting a unique password on each box. Hey, you never know when your admin might decide to run John the Ripper on the shadow file.

When you’re ready to take the plunge and have your own keys in place, the lines you’ll want in your sshd_config file to require keys and disallow standard login passwords should look something like this:

…snip…
RSAAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
…snip…

-b3nn


1 Comment so far

  1. Steven Klassen February 7th, 2008 12:11 pm

    Great article. I usually get blank stares when I ask for keys, but that usually just reinforces my belief that technical interviews are inherently broken.
