Sunday, July 01, 2018

Re: Daily insecurity output on valid users using key with valid shell and without password.

Set VERBOSESTATUS to 0 in /etc/daily.local

Source: Absolute OpenBSD, 2nd edition, chapter 15 "System Maintenance"

Haven't done it myself but I hope it's a good clue!

On Sun, 1 Jul 2018, 8:47 pm Remco, <remco@dpub.nl> wrote:

> On 07/01/18 at 19:22, Daniel Ouellet wrote:
> > I find this annoying and sometimes I overlook this because I always get
> > the example:
> >
> > ==============
> > Running security(8):
> >
> > Checking the /etc/master.passwd file:
> > Login share is off but still has a valid shell and alternate access files in
> > home directory are still readable.
> > Login xxx is off but still has a valid shell and alternate access files in
> > home directory are still readable.
> > =========
> >
> > Is there a better or different way to do this?
> >
> > I always disable the login password on users with * as opposed to a password
> > in the master.passwd file after keys are installed, as I DO NOT want to
> > allow login passwords when ssh keys are used, but still get the above
> > warning daily on multiple servers & users.
> >
> > The Running security(8): is nice as you see possible changes done by the sys
> > admin and you get the feedback, but getting daily warnings for the same
> > things will sometimes get overlooked because of noise.
> >
> > Is there a better way to disable login and not get these warnings for ssh
> > key users and keep the valid idea and use of the cronjob as is?
> >
> > Daniel
> >
> >
>
> I think you need to use 13 asterisks for the password, passwd(5) has a
> brief mention of this.
>
>
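
An added example, not part of the thread and not OpenBSD code: a small Python audit that lists accounts with a login shell whose password field is disabled with something other than the 13 asterisks suggested above, so they can be reviewed before changing them. It assumes the ten-field master.passwd layout from passwd(5); the non-login shell list, the status names and the sample entries are constructed, and it does not reproduce security(8)'s own checks.

```python
#!/usr/bin/env python3
"""List master.passwd entries that disable the password without using 13 asterisks."""
import sys

KEY_ONLY = "*" * 13  # the 13-asterisk value suggested in the thread
# Assumption: shells treated as "no interactive login" for this audit.
NOLOGIN_SHELLS = ("/sbin/nologin", "/usr/bin/false", "/bin/false")

# Constructed sample in master.passwd format (10 colon-separated fields).
SAMPLE = """\
root:$2b$10$constructedhashvalue:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
share:*:1000:1000::0:0:Share user:/home/share:/bin/ksh
xxx:*************:1001:1001::0:0:Key user:/home/xxx:/bin/ksh
_sshd:*:27:27::0:0:sshd:/var/empty:/sbin/nologin
"""

def classify(line):
    """Return (login, status) for one entry, or None for blank/comment/malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) != 10:
        return None
    name, pw, shell = fields[0], fields[1], fields[9]
    if pw == KEY_ONLY:
        return name, "key-only"
    if pw.startswith("*"):
        if shell in NOLOGIN_SHELLS:
            return name, "no-login-shell"
        return name, "disabled-not-13"  # candidate for the 13-asterisk form
    return name, "password-set" if pw else "empty-password"

def audit(text):
    """Return logins with a login shell and a disabled password that is not 13 asterisks."""
    results = (classify(l) for l in text.splitlines())
    return [name for name, status in filter(None, results) if status == "disabled-not-13"]

if __name__ == "__main__":
    # Pass a path (reading /etc/master.passwd needs root) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for login in audit(data):
        print(f"{login}: password disabled with a login shell, not the 13-asterisk form")
```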
