Issue:
Improve SSH authentication by preferring SSH key-based authentication, with password authentication for root as a fallback option.
Details:
To ensure secure access, SSH keys should be supported and preferred for authentication. Root password authentication should only be offered as an optional fallback, not as the default.
Recommendations:
- Configure `/etc/ssh/sshd_config` to prioritize SSH key-based login for all users, including root.
- Enable password authentication for root only if no SSH keys are present or credential-based login fails.
- Ensure that documentation highlights the security risks of password authentication and encourages SSH key usage.
Acceptance Criteria:
- SSH keys are supported and preferred for authentication.
- Password login for root is allowed only as a fallback if keys are unavailable.
- Clear documentation exists explaining recommended authentication methods and configuration steps.
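
One way to implement the second recommendation, as an added example that is not part of this issue or the project's code: a provisioning-time check that counts the usable public keys in root's `authorized_keys` and prints the matching `sshd_config` directives. The function names `count_keys` and `render_root_policy` are hypothetical, and the sample keys are constructed placeholders.

```shell
#!/bin/sh
# Added example (not project code): pick root's SSH login policy from whether
# root has a usable public key, and print the sshd_config directives for it.

KEY_TYPES='ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com|sk-ecdsa-sha2-nistp256@openssh\.com'

# count_keys FILE: number of lines holding a public key. Comment and blank
# lines are ignored; an options prefix (from="...", command="...") is allowed.
count_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    # grep -c exits 1 on zero matches, so mask that for callers using set -e.
    grep -Ec "^[[:space:]]*([^#[:space:]].*[[:space:]])?($KEY_TYPES)[[:space:]]+[A-Za-z0-9+/]+" "$1" || true
}

# render_root_policy FILE: print the directives for root's authorized_keys FILE.
render_root_policy() {
    rrp_keys=$(count_keys "$1")
    echo "# root keys found: $rrp_keys"
    echo "PubkeyAuthentication yes"
    if [ "$rrp_keys" -gt 0 ]; then
        # Keys present: root logs in by key only, password is refused.
        echo "PermitRootLogin prohibit-password"
    else
        # No keys: allow the password fallback, scoped to root.
        echo "PermitRootLogin yes"
        echo "Match User root"
        echo "    PasswordAuthentication yes"
    fi
}

# Demo on constructed input (the keys below are made-up placeholders).
demo() {
    demo_dir=$(mktemp -d)
    printf '%s\n' '# provisioning key (constructed sample)' \
        'from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey root@example' \
        > "$demo_dir/with_key"
    printf '%s\n' '# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDisabledSampleKey old@example' '' \
        > "$demo_dir/no_key"
    render_root_policy "$demo_dir/with_key"
    render_root_policy "$demo_dir/no_key"
    rm -rf "$demo_dir"
}
demo
```

A `Match` block applies until the next `Match` line or the end of the file, so the fallback output belongs at the end of the configuration; run `sshd -t` to validate the result before reloading the daemon.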