SSH Key only Login [patch]

Spida · Jul 28, 2006, 9:21 PM

I wrote a patch for it that is intended to do the following things:

Disable Login for SSH via Password (Login with SSH-Key is still available, as is Login to the WEBUI via Password)
Make that Configurable via the WEBUI (Switch is in the System->advanced section)
Make it possible to upload a authorized_keys file for root (Pastebox is in the System->advanced section, too)

The patch is available here:
http://www.spida.net/projects/pfsense/

JeGr · Jul 29, 2006, 12:30 PM

@devs: Any chance this appearing in head? ;) Would really appreciate it as an advanced security feature. Nice work to Spida btw :)

sullrich · Jul 29, 2006, 3:33 PM

It was commited yesterday to HEAD.

JeGr · Jul 29, 2006, 10:42 PM

awarded for hero of the month :D

buraglio · Aug 15, 2006, 5:57 PM

This is much better than the crappy patch I wrote to do this. Kudos.

nb

msatter · Nov 13, 2006, 11:31 AM

Any chance this will be implementedin a future version and I don't want to run the patch on 1.01. I now create an .ssh dir and put my RSA key in the authorized_keys file. Then I edit my /etc/sshd file to only enable RSA login and disable the password login.

It also would be nice to be able to backup the collected RRD database and to be able to resotore it in the new version.

Thanks in advance, Marcel

molar · Dec 13, 2006, 12:11 PM

Has this patch been updated for 1.0.1? Thanks.

hoba · Dec 13, 2006, 8:42 PM

This won't appear in before the next MAJOR Version.