So … I’ve set up a new CentOS 7 VM as my own (Power)DNS Recursor for my other VMs and machines.
I like to use a new pair of ssh keys to connect to a new Linux server (using ssh-keygen to create the keys) and store the public key in the .ssh/authorized_keys of the user I will use on this new server. This user can run sudo afterwards.
OK, OK, OK, it may seem like over-provisioning or something, but you can’t be paranoid enough these days.
Although, my basic sshd conf/setup is pretty simple:
    Port XXXX
    PermitRootLogin no
    MaxSessions 3
    PasswordAuthentication no
    UsePAM no
    AllowAgentForwarding yes
    X11Forwarding no
Restarting sshd with systemd:
    # systemctl restart sshd

    Jun 09 10:58:05 vogsphere systemd: Stopping OpenSSH server daemon...
    Jun 09 10:58:05 vogsphere sshd: Received signal 15; terminating.
    Jun 09 10:58:05 vogsphere systemd: Started OpenSSH Server Key Generation.
    Jun 09 10:58:05 vogsphere systemd: Starting OpenSSH server daemon...
    Jun 09 10:58:05 vogsphere systemd: Started OpenSSH server daemon.
    Jun 09 10:58:05 vogsphere sshd: WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several problems.
    Jun 09 10:58:05 vogsphere sshd: Server listening on XXX.XXX.XXX.XXX port XXXX.
And there is a WARNING !!!
“UsePAM no” is not supported
So what’s the point of having this configuration entry if you can’t support it?
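
A way to check a config file for the settings above, and for the `UsePAM no` line behind this warning, before restarting sshd. This is an added example, not part of the original post; the function names, the sample file, port 2222 and the `backup` user are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Global settings end at the first Match block.

sshd_effective() {  # usage: sshd_effective FILE KEYWORD -> effective global value
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }                 # conditional section starts here
        key == want { print tolower($2); exit } # first occurrence wins
    ' "$1"
}

audit_sshd() {  # usage: audit_sshd FILE -> prints findings, status 1 if any
    file=$1; findings=0
    # Values taken from the configuration shown in the post.
    for pair in permitrootlogin:no passwordauthentication:no x11forwarding:no; do
        key=${pair%%:*}; expected=${pair#*:}
        actual=$(sshd_effective "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key is '${actual:-unset}', expected '$expected'"
            findings=$((findings + 1))
        fi
    done
    if [ "$(sshd_effective "$file" usepam)" = "no" ]; then
        echo "WARN usepam no: triggers the 'not supported' warning quoted above"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample file; port 2222 is a placeholder for the post's XXXX.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 2222
PermitRootLogin no
MaxSessions 3
PasswordAuthentication no
passwordauthentication yes
UsePAM no
X11Forwarding no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd "$SAMPLE" || true
```

The duplicate `passwordauthentication yes` line and the `Match` block are there to show that only the first global value counts, so the sample yields just the `UsePAM` finding.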