Require SSH keys for login / SFTP
Once SSH keys have been set up on a server, password login should be disabled, or at least have an option to disable it.
13
votes

-
Silvio commented
Agree with this, this is a security issue also for me. It's strange to have 2FA for login but not SSH password disabling feature... Bruteforce ssh attack are very common...
-
Lee commented
Agreed, this is needed.
-
Chris Dart commented
I definitely agree. This is increasingly required for PCI compliance now.
-
chris commented
Yes I definitely agree with this suggestion.
-
Adam commented
This is a big security issue for me, should really be able to disable password logins.