I am adding a new user account (to a CentOS 6.2 box) which will only use ssh key authentication (with a strong key passphrase of course). I have disabled ssh password auth in sshd_config.
Should I even use passwd to set up a password for them? Is there a security issue with not creating a password?
No, you don't need a password if you will be only using SSH key authentication.
Even if you set a password for this user, you can disable password authentication in sshd_config for specific users/groups.
It would depend on if there was any other kind of interactive login they could use.
I would have thought it was good practice to at least set a password - if you are not 100% confident that another application could authenticate via pam using /etc/passwd for any other service.
You don't need to use a password on login, but I do suggest using a passphrase on the private key on the user. This means you'll have to use a forwarding agent, but then you provide security on the user's end if their machine is accessed or compromised.
Other than that potential issue, you should really be increasing security as there is no password for an attacker to even attempt to crack.
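An account with "no password" can mean two different things in /etc/shadow: a locked field (`!!` is what useradd leaves on CentOS until passwd is run) or an empty field, which lets PAM services that permit null passwords accept a blank one. The script below is an added example, not part of the original posts; the function names and the sample entries are constructed for illustration, and it assumes sshd runs with PAM enabled so that key logins still work for a locked password.

```shell
#!/bin/sh
# Added example: classify the password field (2nd field) of shadow(5) entries
# to tell a locked key-only account from one with an empty password.

# classify_shadow_field FIELD -> prints: empty | locked | hash
classify_shadow_field() {
    case "$1" in
        "")        echo "empty"  ;;  # blank password accepted wherever PAM allows nulls
        '!'*|'*'*) echo "locked" ;;  # no usable hash: password logins cannot succeed
        *)         echo "hash"   ;;  # a real password hash is set
    esac
}

# audit_shadow FILE -> prints "user state", one account per line
audit_shadow() {
    while IFS=: read -r user field _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_shadow_field "$field")"
    done < "$1"
}

# Constructed sample entries (not taken from a real system)
sample_shadow() {
cat <<'EOF'
keyonly:!!:19000:0:99999:7:::
svc:*:19000:0:99999:7:::
oops::19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
EOF
}

# Demo run against the constructed sample; on a real host, run
# audit_shadow /etc/shadow as root instead.
demo_file=$(mktemp)
sample_shadow > "$demo_file"
audit_shadow "$demo_file"
rm -f "$demo_file"
```

Any account reported as `empty` is the case to fix; `locked` is the expected state for a key-only user.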