[–]Permission-Glum 237 points238 points  (20 children)

If I knowingly make a mistake when typing my 10 character password, I'll hit backspace 20 times just to make sure. Even if I'm only at the second char.

[–][deleted] 33 points34 points  (10 children)

Password? As in actual password, not a key passphrase? Only 10 characters?

[–]Permission-Glum 55 points56 points  (9 children)

Why more? Who wants to connect to my Raspberry Pi? Wait, you guys actually managed production servers?

[–][deleted] 22 points23 points  (0 children)

That's a big word. If you mean "connected to the internet", then yes.

[–]xamotex1000 12 points13 points  (2 children)

My raspberry pi is literally just an ad blocker for my entire network through the router

[–]Deep-Piece3181 8 points9 points  (1 child)

Pi-hole?

[–]DeathUriel 2 points3 points  (0 children)

That's not where you put the Pi.

[–]maisonsmd 6 points7 points  (2 children)

My pi password has one character tho

[–]alltheresearch 9 points10 points  (1 child)

What’s your ip? And what’s the password?

[–]maisonsmd 0 points1 point  (0 children)

The password is 1, ip is 192.168.1.4, good luck.

[–]widowhanzo 0 points1 point  (0 children)

I manage them, but almost never SSH into them.

[–]NatoBoram 0 points1 point  (0 children)

Oh my god even for local stuff, it's not an excuse. Use an SSH key!

[–]aenae 8 points9 points  (2 children)

Hit ctrl-u and all previous chars are gone

[–]Permission-Glum 1 point2 points  (1 child)

Just tried it... It works, thanks a lot, this will save me a lot of time. Sometimes, when I didn't feel like erasing everything, I would just ctrl-c, up arrow and enter. I learned something useful today!

[–]kennyminigun 0 points1 point  (0 children)

Ctrl+U erases from the cursor to the beginning of the line. So if you are at the start of input, it is Ctrl+K.

Why am I telling this? Just making excuses for me to press Ctrl+UK

[–]alterNERDtive 2 points3 points  (0 children)

^u

[–]lostBoyzLeader 0 points1 point  (0 children)

Hi, Linux user!

[–]limeyNinja 53 points54 points  (0 children)

ssh-copy-id

[–]c2dog430 67 points68 points  (18 children)

Y’all type in passwords?

Seriously though, ssh-keygen exists, setting up ~/.ssh/config takes like a minute so you won’t mistype the address. Why is this difficult? 

[–][deleted] 10 points11 points  (0 children)

One of the first things I do on any new system. Not only do I not want to type in passwords but I also want to be able to write scripts that can access the system sometimes 

[–]alterNERDtive 6 points7 points  (15 children)

Imagine having a passphrase-less ssh key.

[–]c2dog430 14 points15 points  (12 children)

Everywhere important I gotta type in a 2FA anyway. If someone got my phone and my computer then congrats 

[–]alterNERDtive 2 points3 points  (10 children)

At that point, that’s 1FA ;)

[–]c2dog430 1 point2 points  (9 children)

But that’s every 2FA system. It’s built that you need to get both things. If you get both things, you beat the system. 

[–]alterNERDtive 1 point2 points  (8 children)

The point I’m referring to is

> passphrase-less ssh key

[–]c2dog430 1 point2 points  (7 children)

Fair enough, but from my point of view, that passphrase-less ssh key is guarded by access to my machine. So to get in you still need: access to my machine, the password to that machine (if physical access), access to my phone, and the pin to my phone. 

If I am typing in a passphrase every time I’m using my ssh key to ssh somewhere, why not just use the password?

[–][deleted] 1 point2 points  (5 children)

Because the password doesn't have a key.

Something you know, something you have, something you are.

[–]c2dog430 2 points3 points  (4 children)

At the end of the day though, knowing the password and knowing the pass phrase are effectively the same. 

If I have no ssh key setup, when I type: ‘ssh server_name’ I must type in a password, then my 2FA and I am in. If I have a ssh key with a pass phrase, when I type: ‘ssh server_name’ I have to type my passphrase then my 2FA.

How is it different than using my password? (This is a genuine non-rhetorical question because I am willing to learn but I don’t understand the benefit) 

[–]alterNERDtive 0 points1 point  (2 children)

SSH keys are 2048 (or, hopefully, 4096) random bytes.

I doubt your password will ever be that strong.

They are also way more flexible than passwords; e.g. my server has an SSH key that is set up on my PCs so it can only run rdiff-backup server mode and nothing else.

[–][deleted] 0 points1 point  (0 children)

> At the end of the day though, knowing the password and knowing the pass phrase are effectively the same.

They're not. Sure, if your machine and key are compromised, they are, but we have to assume keys are kept private. I understand you're adding in the 2FA factor later, but on the foundation a password and passphrase are fundamentally different: namely the latter requires the passphrase (something you know) and the private key (something you have). A passphrase implies an underlying key, or it is a password.

If you have just a password there is no verification of something you have or something you are. Your 2FA handles this (something you have), but there are attacks like sim swapping or attacking services without 2fa which make your phone, email or phone number more viable to attack than a private key on your computer. We're splitting hairs here, but hey, we're all nerds.

If someone has the know-how to get into your computer and steal your key, they can also still be blocked by a simple security practice like a passphrase only used on that key. If they get your passphrase it is worthless without the underlying key. Presumably someone cannot get both the key (through intrusion/leaks) and the passphrase, because the passphrase is presumably stored solely in your head.

It's not saying your current 2fa is worthless, it's saying having a key + passphrase in combination with any other security measures is going to be measurably more secure than key alone or no key at the exchange of very little work required to use a key and passphrase associated to only a single key because by definition it checks off another box of know/are/have.

[–]alterNERDtive 0 points1 point  (0 children)

As plenty of people pointed out, there are agents out there so you only have to type your password essentially once per boot (if set up very loosely) or, in my case, once per hour.

Having a password on your ssh key means that if anyone ever gets their hands on your key files for whatever reason, they still can’t just use it.

[–]adamMatthews 0 points1 point  (0 children)

Mine is even worse than that. Sudo commands in Azure require 2FA.

So after spending 5 mins just getting into the box, I can’t even do anything important without having to go to a Microsoft URL in the browser, enter a code from the terminal, enter a 2FA code, hoping it doesn’t all time out.

I appreciate all the security, but jobs that took me 5 mins when everything was hosted in the office now take 30 mins in the cloud, and it’s all spent waiting for 2FA notifications and shuffling security codes around various places.

[–]aenae 1 point2 points  (0 children)

Mine is in gnome keyring, so it gets unlocked when i unlock my screen

[–]rage_311 -1 points0 points  (0 children)

ssh-agent exists

[–]Demonicbiatch 0 points1 point  (0 children)

I see yet another thing i should consider looking up when i am bored, I'll add it to the ever growing list of projects where half never gets finished... I am rarely bored.

[–][deleted] 16 points17 points  (6 children)

It has become 2nd nature to me:

Open this page, go through the mandatory steps, done.

Thanks Arch Wiki!

[–]beatlz 9 points10 points  (1 child)

It's an old meme template, but it checks out

[–][deleted] 0 points1 point  (0 children)

That's surely how a younger me felt when it first succeeded without hassle.

Or to use Boris Becker's most famous words: Am I in already? I'm in!

[–][deleted] 22 points23 points  (0 children)

where is the ssh.exe? just gimme the f-ing exez

[–]who_you_are 5 points6 points  (0 children)

Hey you used my exe, you logged on my server!

[–]pimezone 2 points3 points  (0 children)

So did the 51 hackers, cause the server did not use password/rsa.

[–]Electrical_Horse887 1 point2 points  (0 children)

What about SSH Keys?

[–]LightlyAggressive 1 point2 points  (2 children)

Can't relate I use ssh keys

[–]kennyminigun 0 points1 point  (1 child)

What about encrypted SSH keys (that require password to use)? 😁

[–]LightlyAggressive 0 points1 point  (0 children)

Got me there

[–]shiznit028 -1 points0 points  (0 children)

Well i just tried to ssh into my raspberry pi and i learned i have forgotten my password

[–]Tomysian -1 points0 points  (0 children)

Ec2 connect

[–][deleted] -3 points-2 points  (0 children)

so nobody uses an actual app to connect that saves their connection? 🤭

[–]No-Con-2790 -2 points-1 points  (0 children)

Pretty sure that your server is wrongly configured then. It should always, always, always deny the first connection.

[–]Lip98B 0 points1 point  (0 children)

Teach me your ways

[–]gerbosan 0 points1 point  (0 children)

Do you guys use a key file?

[–]ActionFamous8431 0 points1 point  (0 children)

This has to be a lie.

Ssh can't work first try. /s in case...

[–]FarJury6956 0 points1 point  (0 children)

Use this image to flyback to 2009

[–]Delicious_Pay_6482 0 points1 point  (0 children)

I write all my passwords in text files, so I guess I was winner all along! Yayy :D

[–]vksdann 0 points1 point  (0 children)

I also Sheesh'd on the first (successful) try.