[resolved] non-root user with passwordless login AND sudo

[damian0815]

I'd like to be able to disable password login by SSH into my FreeNAS box, and only allow login via my RSA key. I'd also like to be able to `sudo` using this account.

However when I go to create a user 'damian' in the FreeNAS gui, it seems I can either have passwordless login or sudo support, and not both.

Am I misunderstanding what 'passwordless' means here? Should I just hack around in my sshd config files instead of using the GUI?

 

[dlavigne]

You mean you are checking the "Disable password login" box? The docs for that field indicate: "when checked, the user can not log into the system or authenticate to a CIFS share". If you want to ssh to the box key auth, paste the public key into the "ssh public key" box.

 

[damian0815]

Yes, that's what I meant, thanks.

Ahh, then I am misunderstanding it. There's a feature in SSH where you can disable logging in to an account with anything except public key - this makes public-facing servers safer as the only way to login to SSH is using the public key.

I guess this means I need to edit an ssh config file somewhere. I've done it before, just forgotten where the setting is...

 

[dlavigne]

Nope, you should just need to paste in the user's public key.

If you want to "force" all users to use key auth, uncheck the "Allow password authentication" box in Services -> SSH.