37

Why nobody uses public/private key authentication for ssh and disable password auth?

Am I the only one around here doing this?

Comments
  • 7
    Everyone who cares about security and convenience does this
  • 1
    @tahnik It just the fact that I see many posts here saying they got hacked or that there where attempts of unauthorised logging in.
  • 0
    Welcome to devRant! I use it.
  • 3
    @Jumpshot44 Thank you, I found out about devRant just yesterday. It is a pity it is not known amongst all devs.
  • 2
    Even if you disable password login, the authentication attempts still show up in the auth.log 😉
  • 0
    As a Windows user I found setting this up to be quite a hassle so I used password authentication for some time. Then I discovered OpenSSH.
  • 1
    Everyone I know does this. NB - it's also worth setting up a passphrase for your key (the prompt you get when you create it) if you have more than one server. Don't let a stolen laptop be the keys to the kingdom for the sake of convenience!

    But yeah stop using password authentication. IIRC it goes over in plaintext.
  • 0
    What is this?
  • 1
    Also adding an alias to config file inside .ssh folder is pretty handy. Then just command "ssh myalias"
  • 0
    @marceloch2 I suspect everyone who is using public/private key is using this feature (config file) for quick connect.
    It is tragic to type the path of the key in each ssh command...
    And in case you have multiple keys for multiple machines, oh boy... I feel sorry for you...
  • 2
    @Lel00 Black magic...

    Seriously now?

    Here, let me give you a hand

    https://cyberciti.biz/faq/...
    https://digitalocean.com/community/...
  • 1
    If you are the only one doing that, perhaps you need to surround yourself with better people.
  • 0
    @theofanis Thank you man :)
  • 1
    Omg!!!! That is the first thing I do when I get ssh access to any machine.
    Fuck passwords!!!!
Add Comment