Comment on Do I Need to Harden SSH over Tor?
marcos@lemmy.world 5 months ago
If you don’t have any good reason not to, always set your SSH server to only authenticate with keys.
Anything else is irrelevant.
Comment on Do I Need to Harden SSH over Tor?
marcos@lemmy.world 5 months ago
If you don’t have any good reason not to, always set your SSH server to only authenticate with keys.
Anything else is irrelevant.
AbidanYre@lemmy.world 5 months ago
Spoiler alert: you probably don’t.
marcos@lemmy.world 5 months ago
This is the internet. If you poke the bear, somebody will come-up with a completely reasonable use case of password authentication that happened once somewhere on the world.
thebardingreen@lemmy.starlightkel.xyz 5 months ago
Easy. I have servers that are only available on my local network and lots of different devices that I MIGHT want to use to access those servers. I haven’t bothered to make sure my key is on EVERY SINGLE DEVICE and some of them, I might not actually even WANT my key on as they’re not terribly well secured and they might leave my house (my Windows gaming laptop I haven’t used in six months comes to mind).
But for cloud accessible servers… yeah.
EarMaster@lemmy.world 5 months ago
You know you’re allowed (some might even say supposed) to have different keys for different machines. They’re basically free to generate and take up to no space.
captain_aggravated@sh.itjust.works 5 months ago
Playing with a Raspberry Pi inside my own home network with nothing important going on and I turned the Pi off when I’m done. Like why worry about it at that point?
Acters@lemmy.world 5 months ago
Yes, but I usually add my public key to the authorized_keys file and turn off password authentication once i do login with a password. On top of that, I have a sshpass one line command that takes care of this for me. It’s much easier than trying to manually type a password for the next time. I save it and just run it every time I think about using password login. Next time I need to ssh, I know the password login is not necessary.
At the next reboot, your system will now only accept key logins, except for root. I hope the root user password is secure. I don’t require it for root because if a hacker does gain shell access, a password(or priv esc exploit) is all they need to gain root shell. It is also a safety net in case you need to login and lost your private key.
marcos@lemmy.world 5 months ago
Yeah, that’s not a good reason.
It’s much easier to authorize a key than to input your password on every kind of interaction.
AbidanYre@lemmy.world 5 months ago
If the is, I’d love to hear it. But even JuiceSSH on Android has supported keys for like the last decade.
someonesmall@lemmy.ml 5 months ago
AbidanYre@lemmy.world 5 months ago
WCGW?
someonesmall@lemmy.ml 5 months ago
Tell me
wreckedcarzz@lemmy.world 5 months ago
You’ve gotta pump those numbers, those are rookie numbers. (I have a vps that has several times that figure)
someonesmall@lemmy.ml 5 months ago
Did you read my message? After one failed attempt you will get banned.