| ▲ | 0x073 5 days ago |
| I thought cockpit use pam, so you can use other pam modules to log in. |
|
| ▲ | k_bx 4 days ago | parent [-] |
| Can you explain a bit more? The user passwords are inherently not strong enough so I disable all ssh via password and only use private keys (id_ed25519). If cockpit allowed me to use one I'd be ok, but if they don't – I at least want some scary auto-generated password only for cockpit, not the system user's one (which is often very weak). |
| |
| ▲ | natebc 4 days ago | parent [-] | | so bind cockpit to 127.0.0.1 and use ssh port forwarding? You could also have a more strict password policy but I don't know that I'd ever want to expose something like cockpit to the raw Internet. | | |
| ▲ | k_bx 4 days ago | parent [-] | | Yes but if there's going to be something lightweight and correct-by-default I'd prefer that, mostly because I have many machines to manage and a team of people to educate. I'd like default to be good instead of wasting time and risking. |
|
|
