-2

This question is just for curiosity. I am studying a bit of server administration and have seen many people saying that having passwords is a bad idea and they should be disabled. But my question is: if the passwords are disabled and the admin creates a new user how is he supposed to upload his new public key? Also, that would create many problems, for example, if the admin somehow loses his key how is he supposed to regain access to the server?

How does the workflow work on a server without passwords? Is it really worth it?

Carlos Andrés del Valle
  • 97
  • 1
  • All the cases you describe work exactly the same with public key authentication as with passwords. For example, the case of the admin losing her key is resolved just the same as would losing her password if passwords were in use. Which specific situation do you think would need to be handled differently? – Tilman Schmidt Jan 10 '22 at 01:42
  • Requests for product, service, or learning material recommendations are off-topic because they attract low quality, opinionated and spam answers, and the answers become obsolete quickly. Instead, describe the business problem you are working on, the research you have done, and the steps taken so far to solve it. – djdomi Jan 10 '22 at 05:06

1 Answers1

0

having passwords is a bad idea and they should be disabled

Yes, passwords are terrible.

A privilaged user credential needs to be set when the OS is first installed. Probably a ssh key for root. This is the user that sets up auth for other people.

In environments with central authentication, the host doesn't need to have keys installed. Configure sshd to look a user up with an AuthorizedKeysCommand. Or maybe use Kerberos for auth. So if the private key is lost, generate a new one and reset it in the identity system.

Grant two or more people privilaged accounts, sudo rules for their personal user or similar. Have each use different credentials, so they have independent access.

When credentials are lost, use hardware access to gain entry. Boot to single user mode, or mount the disk on some other instance. Edit in known credentials.

If every way to get in fails, get out the business continuity plan. Rebuild a new install and restore data from backup.

None of this requires passwords.

John Mahowald
  • 30,009
  • 1
  • 17
  • 32