I have a Debian box that I connect to via SSH. I have removed the password from the users root and my personal account using the instructions here, and set up a public/private key pair so I can log in, but only if I have the private key.
I recently ran cat /etc/passwd in order to see what other users were on the system, and got a fair list back. So, how can I determine the password status for each user so that if I make the box public to the wider world (via ssh only), there are no other users that someone could use to authenticate with?
Best Answer
Probably you should look at sshd configuration.
There is an option to deny password authentication:
and you can create a list of users that are allowed to connect via ssh:
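An added example, not part of the original answer: the per-user password status the question asks about can be read from the second field of each shadow(5) entry. The function names are hypothetical, and the account names and hashes are constructed sample data.

```shell
#!/bin/sh
# Classify the password field (2nd colon-separated field) of shadow(5) lines
# read from stdin. On a real host, feed it /etc/shadow as root.
#   EMPTY  - field is empty: no password is required for this account
#   LOCKED - field starts with '!' or '*': no usable password hash
#   SET    - anything else: a password hash is present
password_status() {
    awk -F: '
        NF < 2       { next }                       # skip malformed lines
        $2 == ""     { print $1 ": EMPTY";  next }
        $2 ~ /^[!*]/ { print $1 ": LOCKED"; next }
                     { print $1 ": SET" }
    '
}

# Accounts that are not locked, i.e. the ones to review before exposing sshd
# with password authentication still enabled.
password_capable() {
    password_status | awk -F': ' '$2 != "LOCKED" { print $1 }'
}

# Constructed sample data in shadow(5) format (not taken from a real system).
sample_shadow() {
    cat <<'EOF'
root:!:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19700:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:19700:0:99999:7:::
guest::19700:0:99999:7:::
EOF
}

sample_shadow | password_status
```

An EMPTY entry deserves particular attention: sshd refuses empty passwords only while PermitEmptyPasswords stays at its default of no.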