Re: Supposed way to have a login without password but still able to login via ssh?

Hi Federico,

As far I am aware of, you shouldn't disable your user password...
It seems akward to me
And you're not telling why you absolutely need to login without the password...

Regarding SSH configuration nothing special on openbsd I am aware of...
Reading any good faq regarding ssh key management on the web should help you...

You shoud look at sshd configuration : /etc/ssh/sshd_config
Help : https://man.openbsd.org/sshd_config.5

PasswordAuthentication no
When you're sure you're able to login via ssh 😊

Regards,

-----Message d'origine-----
De : owner-misc@openbsd.org <owner-misc@openbsd.org> De la part de Federico Giannici
Envoyé : lundi 26 septembre 2022 20:27
À : 'misc' <misc@openbsd.org>
Objet : Supposed way to have a login without password but still able to login via ssh?

I have a login that I want to be able to access only via ssh with a certificate (in ~/.ssh/authorized_keys).


So I have disabled the password ('*') but left a valid shell. Something
like this in /etc/master.passwd:

mylogin:*:1001:1001::0:0:My login:/home/mylogin:/bin/sh


But in this way every day a receive a mail with the following:

Checking the /etc/master.passwd file:
Login mylogin is off but still has a valid shell and alternate access
files in home directory are still readable.


What is the supposed way to define an account without a password but
with a valid shell (to access via ssh with a certificate)?

Thanks.