LOLmaybe choose "yes" there?
of course choose "yes" , really an aspiring suggestion from an Aspiring Daemonmaybe choose "yes" there?
$ sudo service sshd restartYou should definitely type "yes" and then confirm this with enter key press.
This message appears on first ssh login to host, which is not added yet to your "list of known hosts"
(~/.ssh/known_hosts file).
The default for 'PermitEmptyPasswords' is no; you must set it to 'Yes' if that's what you really want to do (but why?)
I've never been sure what constitutes an empty password in FreeBSD...
On a new installation of FreeBSD I always set
PermitRootLogin yes
in /etc/ssh/sshd_config but am not allowed to login initially because no password has been using passwd(). However I am able to enter a blank password by jest pressing ENTER twice and then I can login.
So does that constitute an empty password? I guess not.
empty password=auto login after input username ? system even don't bother asking you for a passwordI've never been sure what constitutes an empty password in FreeBSD...
On a new installation of FreeBSD I always set
PermitRootLogin yes
in /etc/ssh/sshd_config but am not allowed to login initially because no password has been using passwd(). However I am able to enter a blank password by jest pressing ENTER twice and then I can login.
So does that constitute an empty password? I guess not.
Yep! That's how i've set it up on my servers.Why not set up a pre-shared key rather than have an empty password?
I've never been sure what constitutes an empty password in FreeBSD...
On a new installation of FreeBSD I always set
PermitRootLogin yes
in /etc/ssh/sshd_config but am not allowed to login initially because no password has been using passwd(). However I am able to enter a blank password by jest pressing ENTER twice and then I can login.
So does that constitute an empty password? I guess not.
ssh-keygen -t ed25519
ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 1798 user@123.456.789.001
PermitEmptyPasswords yes, config altered ,sshd restarted , user mas with empty passwords still can't login.
Any user with passwords include root can login.
ssh-agent(1)but you are really adding another step by having to send a passphrase.
% /usr/local/bin/ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1e 17 Mar 2020
% /usr/bin/ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.1d-freebsd 10 Sep 2019
What about public key passphrase? Does everyone use passphrase protected keys?
I use them because it feels secure but you are really adding another step by having to send a passphrase.
I understand it is more secure but it it really worth it?
In newer versions of OpenSSH, certainly the one in the port, but I'm not sure about the version in the base, the default is PermitRootLogin prohibit-password. This allows you to authenticate directly as root using a key but will refuse a password.
This is a reasonable compromise as long as you still understand the consequences. Although as I said, might need to use the port/pkg version rather than the base.
Code:% /usr/local/bin/ssh -V OpenSSH_8.2p1, OpenSSL 1.1.1e 17 Mar 2020 % /usr/bin/ssh -V OpenSSH_7.8p1, OpenSSL 1.1.1d-freebsd 10 Sep 2019
Although, now I read the man page. It looks like without-password might work on older versions?
If this option is set to prohibit-password (or its deprecated alias, without-password), password and keyboard-interactive authentication are disabled for root.