Opened 12 years ago

Closed 6 years ago

#516 closed task (wontfix)

disable remote password access to dev.openstreetmap.org

Reported by: Sebastian@… Owned by: Sebastian@…
Priority: minor Milestone:
Component: admin Version:
Keywords: Cc:

Description

Currently everyone (including root) can remotely log into the dev server. Given, that I don't even know the root password (it might be 123 for what i know), that seems very insecure. I would love to either disable direct root access (which would require people to sudo after logging in) or to disable password access completely for all people and require ssh key authentication.

As it is right now, password crackers have all the time of the world to try out passwords.

Change History (3)

comment:1 Changed 12 years ago by Tom Hughes

Note that the same applies to www (and presumably all the other machines).

comment:2 Changed 11 years ago by Sebastian@…

Priority: majorminor

at least root cannot log in directly anymore. I'll leave it for now as is.

comment:3 Changed 6 years ago by iandees

Resolution: wontfix
Status: newclosed

Cleaning old tickets.

Note: See TracTickets for help on using tickets.