/ Register

Welcome to Centmin Mod Community
Register Now

Sysadmin Poll: SSH Passwords or Keys?

Discussion in 'System Administration' started by deltahf, Oct 24, 2016.

How do you secure SSH access to your server?

  1. Passwords

    1 vote(s)
    8.3%

  2. SSH Keys & Passwords

    5 vote(s)
    41.7%

  3. SSH Keys Only

    6 vote(s)
    50.0%
Previous Thread Next Thread
Loading...
  1. Oct 24, 2016 #1
    deltahf

    deltahf Premium Member Premium Member

    590
    267
    63
    Jun 8, 2014
    Ratings:
    +495
    Local Time:
    3:04 AM
    How many of you use SSH passwords to access your server, and how many of you only use SSH keys? If you're using keys, have you also completely disabled SSH password access?
     
  2. Oct 24, 2016 #2
    Matt

    Matt Well-Known Member

    932
    415
    63
    May 25, 2014
    Rotherham, UK
    Ratings:
    +671
    Local Time:
    8:04 AM
    1.5.15
    MariaDB 10.2
    Once I've fully set up my servers, I disable password auth and only allow keys.
     
  3. Oct 24, 2016 #3
    eva2000

    eva2000 Administrator Staff Member

    55,801
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    5:04 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Really depends on the web host. Before you look into ssh key only (+disable password authentication), make sure your web host is setup with features that allow you to regain access to your server if you ever loose your ssh key's private key and that you know how to use those features to regain access.

    If you don't know how to use those features, setup a test instance/VPS with that web host and test it out. If you're with web host with hourly billed VPSes like Linode, DigitalOcean, and Vultr then it is relatively cheap to test out for a few hours on a test VPS.

    Here's a example text you can use to ask your web host to be sure

    There's numerous how to use ssh key login guides online, but not many go beyond that to explain what to do if you loose your ssh private key and are unable to use password logins. And that can come down to your web host and what measures they have in place i.e. out of band console access etc and recovery ISO/cds available.
     
    Last edited: Oct 25, 2016
  4. Oct 25, 2016 #4
    eva2000

    eva2000 Administrator Staff Member

    55,801
    12,271
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,857
    Local Time:
    5:04 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    And some relevant guides with different web hosts about setting up SSH key authentication and also about recovery as well general need to know info.

    DigitalOcean



    Has out of band console access

    Linode



    Has out of band console access called Lish

    Vultr



    Has out of band console access

    OVH


    RamNode


    Others


    If folks have other linked guides to add for other web hosts etc :)
     
    Last edited: Oct 25, 2016
Previous Thread Next Thread
Loading...

.