/ Register

Learn about Centmin Mod LEMP Stack today
Become a Member

Sysadmin Poll: SSH Passwords or Keys?

Discussion in 'System Administration' started by deltahf, Oct 24, 2016.

How do you secure SSH access to your server?

  1. Passwords

    1 vote(s)
    10.0%

  2. SSH Keys & Passwords

    4 vote(s)
    40.0%

  3. SSH Keys Only

    5 vote(s)
    50.0%
Previous Thread Next Thread
Loading...
  1. Oct 24, 2016 #1
    deltahf

    deltahf Premium Member Premium Member

    299
    134
    43
    Jun 8, 2014
    Ratings:
    +216
    Local Time:
    6:49 AM
    How many of you use SSH passwords to access your server, and how many of you only use SSH keys? If you're using keys, have you also completely disabled SSH password access?
     
  2. Oct 24, 2016 #2
    Matt

    Matt Moderator Staff Member

    795
    354
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +537
    Local Time:
    11:49 AM
    1.5.15
    MariaDB 10.2
    Once I've fully set up my servers, I disable password auth and only allow keys.
     
    • Informative Informative x 1
  3. Oct 24, 2016 #3
    eva2000

    eva2000 Administrator Staff Member

    37,263
    8,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,536
    Local Time:
    9:49 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Really depends on the web host. Before you look into ssh key only (+disable password authentication), make sure your web host is setup with features that allow you to regain access to your server if you ever loose your ssh key's private key and that you know how to use those features to regain access.

    If you don't know how to use those features, setup a test instance/VPS with that web host and test it out. If you're with web host with hourly billed VPSes like Linode, DigitalOcean, and Vultr then it is relatively cheap to test out for a few hours on a test VPS.

    Here's a example text you can use to ask your web host to be sure

    There's numerous how to use ssh key login guides online, but not many go beyond that to explain what to do if you loose your ssh private key and are unable to use password logins. And that can come down to your web host and what measures they have in place i.e. out of band console access etc and recovery ISO/cds available.
     
    Last edited: Oct 25, 2016
    • Agree Agree x 2
  4. Oct 25, 2016 #4
    eva2000

    eva2000 Administrator Staff Member

    37,263
    8,144
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,536
    Local Time:
    9:49 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    And some relevant guides with different web hosts about setting up SSH key authentication and also about recovery as well general need to know info.

    DigitalOcean



    Has out of band console access

    Linode



    Has out of band console access called Lish

    Vultr



    Has out of band console access

    OVH


    RamNode


    Others


    If folks have other linked guides to add for other web hosts etc :)
     
    Last edited: Oct 25, 2016
    • Informative Informative x 3
Previous Thread Next Thread
Loading...
..

.