Hi everybody

I just installed cockpit in a server that I have access exclusively with ssh keys, my surprise is that the user hasn't a password and installing cockpit make possible to login without password opening a breach. Having users without password is a problem but if you have ssh set up to enforce key authentication this problem can happen silently, once you install cockpit anyone with access to the servers 9090 port and the user name will gain access to the server.

Again i still think that the cause is the user without password, but would be nice if cockpit enforce password authentication to avoid this, what you guys think?

Regards,

PS: I tested with cockpit 176 from centos 7.6 repos

--