From nobody Tue Jan 30 06:43:08 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TPFx75TkJz58RKh for ; Tue, 30 Jan 2024 06:43:23 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-yw1-x1131.google.com (mail-yw1-x1131.google.com [IPv6:2607:f8b0:4864:20::1131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TPFx72gjzz4jGR for ; Tue, 30 Jan 2024 06:43:23 +0000 (UTC) (envelope-from tomek@cedro.info) Authentication-Results: mx1.freebsd.org; none Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-6029e069e08so48233297b3.0 for ; Mon, 29 Jan 2024 22:43:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; t=1706597002; x=1707201802; darn=freebsd.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=eKf8HDE7UQX2lFx5pOQR63jwBaVboYix8PmkRWSBYeo=; b=JB22JjXqwrytrU++6u2VsZX0zwRuVlRNLgxXq1egv+bAqfKsxsyZUjHsektYPtwu1Y HJTIqLOgibDIBIJrljA733PlK2eVWgchERX8TaWsdIQooeT7sh/2UyZiEDW2Uvyzj2sT 1E4eYgYYmX2CKIZaHIGk5le8Po7lSuX/PnJPqV8SHcX6PX+ZIiwwlI2Nq1kmgBxBTLbX zOsND3vcy0Yl6ZOJarBSGB+bHDiHaPbHVAauv+fqOYs3gZwoRzCfFC5nf94ijQNollSV uELv94A0bloqeXqnxAL2Rtaj621eUwwUL+QosOYpe8X9rIxX5FMevqzhCGAAK2zueqJS q8kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706597002; x=1707201802; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eKf8HDE7UQX2lFx5pOQR63jwBaVboYix8PmkRWSBYeo=; b=BXOjyGey/amvbu+1zxU0aRgKdMf2yqhW3NfRXQMGSjAxTywVbZ/ldnZSQ9CjsOdIuI Pv6LxSw/qn9vQNosyD+nGglEs/CoZ5RAR8Za39cMmYTVUaJKFMZ78BSeCQsp6b/gK8L1 OKxl8mZWtJaXcPNLwt3FmaR4RRX3ZNmFnn0LYnBQkHBOpwCKA7fm9wsTcrFZAp2/QZaS cBeAmzf/kmhuJoPXdUfyY5JjQL7rsRB2jo7b/VXK7Bpj3VfsgmfXx6jO54HwuJXpywQv sfGTYQKCfoBBgddK7yxn9XWB2zNRZ3NTkIclsRwM75j/vDq/+ebq6Lub8IqPDiMSyQsD HbDw== X-Gm-Message-State: AOJu0Yz7vYSF5jCcQT+mPD5F4ywsOo+v+1mJOy0KrXOEcpcSiON0uMk8 0ZzBPTqKTGA41Kh64ypm4F27iZydsFJ/Zw3dFmyzcrNpdQwFdnB7bupoX0xDuckQYtAXX8pmLPA = X-Google-Smtp-Source: AGHT+IG/YjmxzXV2KKmLTCyuZdaCtbOGSLC+S1c87SoEribJ+pByhT2xeBnPBQ8U2d269CNE7qSZNQ== X-Received: by 2002:a81:e207:0:b0:5ff:4d23:9243 with SMTP id p7-20020a81e207000000b005ff4d239243mr5074735ywl.15.1706597001941; Mon, 29 Jan 2024 22:43:21 -0800 (PST) Received: from mail-yw1-f174.google.com (mail-yw1-f174.google.com. [209.85.128.174]) by smtp.gmail.com with ESMTPSA id i71-20020a81914a000000b00603eb201977sm600781ywg.70.2024.01.29.22.43.21 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 29 Jan 2024 22:43:21 -0800 (PST) Received: by mail-yw1-f174.google.com with SMTP id 00721157ae682-5edfcba97e3so40353587b3.2 for ; Mon, 29 Jan 2024 22:43:21 -0800 (PST) X-Received: by 2002:a0d:ead2:0:b0:5ff:82fc:9686 with SMTP id t201-20020a0dead2000000b005ff82fc9686mr5488910ywe.3.1706597001141; Mon, 29 Jan 2024 22:43:21 -0800 (PST) List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 References: <20240130043205.2japt7ja7j5urm5r@yosemite.mars.lan> In-Reply-To: <20240130043205.2japt7ja7j5urm5r@yosemite.mars.lan> From: Tomek CEDRO Date: Tue, 30 Jan 2024 07:43:08 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Enabling SSD To: paulf@quillandmouse.com, FreeBSD Questions Mailing List Content-Type: multipart/alternative; boundary="00000000000007248506102414be" X-Rspamd-Queue-Id: 4TPFx72gjzz4jGR X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] --00000000000007248506102414be Content-Type: text/plain; charset="UTF-8" > PermitRootLogin yes this is extremely dangerous. have you considered su or sudo? > PubkeyAuthentication no this is really easy. try one as an exercise. you can generate public and private keys pair with a script. then you keep the private key on your own computer and public key on the remote host. you can protect the key with password. you can even put the private key on the usb token (i.e. yubikey) so it's not stored as a file and you carry the key all the times protect it with a pin and use it for different hosts so you don't have to remember thousands of passwords :-) -- CeDeROM, SQ7MHZ, http://www.tomek.cedro.info --00000000000007248506102414be Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
> PermitRootLogin yes

this is extremely dangerous. have= you considered su or sudo?

> PubkeyAuthentication no

this is really easy. try one as an exercise. you can generat= e public and private keys pair with a script. then you keep the private key= on your own computer and public key on the remote host. you can protect th= e key with password. you can even put the private key on the usb token (i.e= . yubikey) so it's not stored as a file and you carry the key all the t= imes protect it with a pin and use it for different hosts so you don't = have to remember thousands of passwords :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
--00000000000007248506102414be--