Are you setting and managing other’s passwords?
Comment on [deleted]
StrixUralensis@tarte.nuage-libre.fr 3 weeks agoPasswordless login only
Never understood this
I don't think that anyone or anyrhing, computer or mentalist, will guess my 40+ characters long password
etchinghillside@reddthat.com 3 weeks ago
surph_ninja@lemmy.world 3 weeks ago
Especially paired with Fail2Ban preventing any brute force attempts.
But with a WireGuard setup, you need not have the port exposed at all.
truthfultemporarily@feddit.org 3 weeks ago
The idea behind keys is always, that keys can be rotated. Vast majority of websites to that, you send the password once, then you get a rotating token for auth.
Most people don’t do that, but you can sign ssh keys with pki and use that as auth.
Cryptographically speaking, getting your PW onto a system means you have to copy the hash over. Hashing is not encryption. With keys, you are copying over the public key, which is not secret. Especially managing many SSH keys, you can just store them in a repo no problem, really shouldn’t do that with password hashes.
non_burglar@lemmy.world 3 weeks ago
With ssh, over 90% of the vulnerabilities are abusing the password mechanism. If you setup pre-shared keys, you are preventing the most common abuses, including in the realm of zero days.
StrixUralensis@tarte.nuage-libre.fr 3 weeks ago
Oh I see, ty !