I’ve been unhappy for a while having the SSH daemon on my web server VPSs with password authentication enabled. Of course, it’s on a non-standard port, blocks root logins, and takes a strong-ish password… but the risk of a successful dictionary attack has still felt too non-zero for comfort.
Equally, though, I’ve not wanted to give up the ability to log in to the servers from anywhere to fix things in an emergency, so I didn’t want to turn password authentication off and rely on public keys alone.
Until now, that is. I realised yesterday that, since I have iSSH on the iPhone, which does public key authentication, I can log into my servers from anywhere, even with password authentication turned off. Granted, doing anything serious on a tiny screen and slow connection is difficult. But all I actually need to be able to do from there is temporarily turn password authentication back on.
And to make this easy, I’ve put two ultra-simple scripts in ~/bin:
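#!/bin/bash
# Turn password authentication on, keeping the old config as sshd_config.previous
sudo sed -r -e 's/^PasswordAuthentication no$/PasswordAuthentication yes/' \
  -i.previous /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart

#!/bin/bash
# Turn password authentication off, keeping the old config as sshd_config.previous
sudo sed -r -e 's/^PasswordAuthentication yes$/PasswordAuthentication no/' \
  -i.previous /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart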
(These paths are suitable for Ubuntu 8.04).
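The two scripts above only match the exact line "PasswordAuthentication no" (or "yes") and restart sshd whether or not anything changed. A stricter single toggle, as an added example that is not the author's code: it fails loudly when no active directive is found and checks the edited file with sshd -t before restarting. The function names and the script name toggle-password-auth are hypothetical; the paths are the ones from the post.

```bash
#!/bin/bash
# Added example, not the author's script. Usage: sudo ./toggle-password-auth yes|no
# Assumed paths (from the post, Ubuntu 8.04): /etc/ssh/sshd_config, /etc/init.d/ssh

# set_password_auth VALUE FILE: rewrite every active PasswordAuthentication
# line in FILE to VALUE, keeping a copy in FILE.previous. Fails (and leaves
# FILE untouched) when no active line exists, instead of silently doing nothing.
set_password_auth() {
    local value="$1" file="$2" tmp rc
    case "$value" in
        yes|no) ;;
        *) echo "value must be yes or no" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # $1 is the first field, so leading blanks, tabs, mixed case and trailing
    # spaces are tolerated; commented-out lines start with "#" and are skipped.
    if awk -v v="$value" '
        tolower($1) == "passwordauthentication" {
            print "PasswordAuthentication " v; n++; next
        }
        { print }
        END { exit (n ? 0 : 1) }' "$file" > "$tmp"
    then
        cp -p "$file" "$file.previous" && cat "$tmp" > "$file"
        rc=$?
    else
        echo "no active PasswordAuthentication line in $file" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# apply VALUE: edit the live config, then restart sshd only if the result parses.
apply() {
    local cfg=/etc/ssh/sshd_config
    set_password_auth "$1" "$cfg" || return
    if sshd -t -f "$cfg"; then
        /etc/init.d/ssh restart
    else
        cp -p "$cfg.previous" "$cfg"   # roll back; the running daemon is unaffected
        return 1
    fi
}

# Only touch the system when called with an explicit yes/no argument.
case "${1:-}" in yes|no) apply "$1" ;; esac
```

Because every active directive is rewritten, a PasswordAuthentication line inside a Match block is changed too; review the file first if it uses Match blocks.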