Comment on Do I Need to Harden SSH over Tor?
marcos@lemmy.world 10 months ago
If you don’t have any good reason not to, always set your SSH server to only authenticate with keys.
Anything else is irrelevant.
AbidanYre@lemmy.world 10 months ago
Spoiler alert: you probably don’t.
marcos@lemmy.world 10 months ago
This is the internet. If you poke the bear, somebody will come up with a completely reasonable use case of password authentication that happened once somewhere in the world.
thebardingreen@lemmy.starlightkel.xyz 10 months ago
Easy. I have servers that are only available on my local network and lots of different devices that I MIGHT want to use to access those servers. I haven’t bothered to make sure my key is on EVERY SINGLE DEVICE and some of them, I might not actually even WANT my key on as they’re not terribly well secured and they might leave my house (my Windows gaming laptop I haven’t used in six months comes to mind).
But for cloud accessible servers… yeah.
EarMaster@lemmy.world 10 months ago
You know you’re allowed (some might even say supposed) to have different keys for different machines. They’re basically free to generate and take up next to no space.
captain_aggravated@sh.itjust.works 10 months ago
Playing with a Raspberry Pi inside my own home network with nothing important going on and I turn the Pi off when I’m done. Like why worry about it at that point?
Acters@lemmy.world 10 months ago
Yes, but I usually add my public key to the authorized_keys file and turn off password authentication once I do log in with a password. On top of that, I have a sshpass one-line command that takes care of this for me. It’s much easier than trying to manually type a password for the next time. I save it and just run it every time I think about using password login. Next time I need to ssh, I know the password login is not necessary.
At the next reboot, your system will now only accept key logins, except for root. I hope the root user password is secure. I don’t require it for root because if a hacker does gain shell access, a password (or priv esc exploit) is all they need to gain root shell. It is also a safety net in case you need to log in and lost your private key.
marcos@lemmy.world 10 months ago
Yeah, that’s not a good reason.
It’s much easier to authorize a key than to input your password on every kind of interaction.
AbidanYre@lemmy.world 10 months ago
If there is, I’d love to hear it. But even JuiceSSH on Android has supported keys for like the last decade.
someonesmall@lemmy.ml 10 months ago
AbidanYre@lemmy.world 10 months ago
WCGW?
someonesmall@lemmy.ml 10 months ago
Tell me
wreckedcarzz@lemmy.world 10 months ago
You’ve gotta pump those numbers, those are rookie numbers. (I have a vps that has several times that figure)
someonesmall@lemmy.ml 10 months ago
Did you read my message? After one failed attempt you will get banned.
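One way to verify the key-only setup recommended in this thread, and to spot a root exception like the one a commenter describes, is to check the server's effective configuration rather than the config file. This is an added example, not code posted by anyone in the thread; the function name `audit_sshd` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Reads the output of `sshd -T` (effective config, one "keyword value" pair
# per line) on stdin and reports whether only key authentication is enabled.
# On a real host, as root:
#   sshd -T | audit_sshd
# To see what a Match block gives one user (for example a root exception):
#   sshd -T -C user=root,host=localhost,addr=127.0.0.1 | audit_sshd

audit_sshd() {
    awk '
        { val[tolower($1)] = tolower($2) }
        END {
            bad = 0
            if (val["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication is not yes"; bad = 1
            }
            if (val["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication is not no"; bad = 1
            }
            # Keyboard-interactive can still prompt for a password via PAM.
            # Older OpenSSH releases print the former keyword name instead.
            if ("kbdinteractiveauthentication" in val)
                kbd = val["kbdinteractiveauthentication"]
            else
                kbd = val["challengeresponseauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive authentication is not no"; bad = 1
            }
            if (val["permitrootlogin"] == "yes")
                print "WARN permitrootlogin yes: root may use any enabled method"
            if (!bad) print "OK key-only authentication"
            exit bad
        }'
}

# Constructed sample: effective settings as they might look for root on a
# host where passwords are disabled for everyone except root.
SAMPLE_ROOT='pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
permitrootlogin yes'

printf '%s\n' "$SAMPLE_ROOT" | audit_sshd || true
```

The function exits non-zero when any password-capable method is still enabled, so it can gate a provisioning script or a periodic check.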