communication #151495 (closed)
Jump host SSH only authentication
Status: Resolved
Priority: High
Assignee:
Category: Core services and virtual infrastructure
Target version: -
Start date: 2023-11-27
Due date:
% Done: 0%
Estimated time:
Description
The current jump hosts allow both password and SSH key auth. Password authentication is insecure and, given its usage in our VPN config, exposes us to possible "full breach" scenarios.
Jump hosts should require SSH key authentication exclusively to mitigate this risk.
In future all hosts should require SSH key authentication only - passwords should be limited to sudo-access only.
Updated by crameleon 20 days ago
- Status changed from New to Resolved
- Assignee set to crameleon
Already deployed:
$ ssh -o PreferredAuthentications=password thor1.infra.opensuse.org
crameleon@thor1.infra.opensuse.org: Permission denied (publickey,keyboard-interactive).
... for all machines, not only jump hosts.
Cheerio,
Georg
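An added example, not part of the ticket or of the openSUSE infrastructure tooling: a small audit helper that classifies the method list sshd advertises in its "Permission denied (...)" reply, as seen in the output above. The function names and verdict labels are hypothetical, and the sample lines other than the one quoted from the ticket are constructed.

```shell
#!/bin/sh
# Added example: classify the authentication methods an sshd still offers,
# based on the "Permission denied (...)" line the ssh client prints.
# Function names and verdict labels are hypothetical, chosen for this example.

# Extract the comma-separated method list from a denial line.
offered_methods() {
    printf '%s\n' "$1" | sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p'
}

# Print one verdict: key-only | password | review | unknown
classify_methods() {
    methods=$(offered_methods "$1")
    if [ -z "$methods" ]; then echo unknown; return 0; fi
    verdict=key-only
    old_ifs=$IFS; IFS=,
    for m in $methods; do
        case $m in
            publickey) ;;
            password) verdict=password; break ;;
            # keyboard-interactive is commonly backed by PAM and may prompt
            # for a password or a second factor, so it is flagged for review,
            # as is any other non-key method (gssapi-with-mic, hostbased, ...).
            *) verdict=review ;;
        esac
    done
    IFS=$old_ifs
    echo "$verdict"
}

# Live probe (not run by this script): request the "none" method only, so the
# server answers with the list of methods it would accept.
probe_host() {
    ssh -o BatchMode=yes -o PreferredAuthentications=none \
        -o ConnectTimeout=5 "$1" true 2>&1 | grep 'Permission denied' | tail -n 1
}

# First line is the output quoted in the ticket; the other two are constructed.
while IFS= read -r line; do
    printf '%-8s  %s\n' "$(classify_methods "$line")" "$line"
done <<'EOF'
crameleon@thor1.infra.opensuse.org: Permission denied (publickey,keyboard-interactive).
user@host.example: Permission denied (publickey,password).
user@host.example: Permission denied (publickey).
EOF
```

For a live check, pass the result of `probe_host <hostname>` to `classify_methods`; a host whose key is not yet in `known_hosts` yields `unknown` because `BatchMode` suppresses the confirmation prompt.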